Canadian small businesses vulnerable to cyber attacks, survey shows
The new survey commissioned by the Insurance Bureau of Canada finds that businesses spend little on protection despite rising concerns about cybercrime.
Despite the increased threat of cyber attacks during the pandemic, almost half (47%) of Canadian small businesses surveyed say they do not allocate any portion of their annual operating budget to cyber security. This marks an increase of 14% from 2019, when one-third (33%) said they do not allocate any budget to cyber security, according to a new Leger survey, commissioned by the Insurance Bureau of Canada (IBC).
In 2021, 41% of small businesses that ever suffered a cyber attack reported that it cost them at least $100,000, up from 37% in 2019. However, fewer than half of the businesses surveyed (46%) said they have implemented defences against possible cyber attacks, and only a quarter (24%) say they plan to purchase cyber insurance within the next year.
“The COVID-19 pandemic has forced many small businesses to adopt digital processes and move some of their traditional business online,” said Jordan Brennan, IBC’s vice president, policy development. “Unfortunately, this has created increased opportunities for cybercrime. While cyber attacks on larger businesses receive more media attention, small businesses are also a target for online criminals.”
In the first half of 2021, insurers paid out over $106 million in cyber liability claims, according to the Office of the Superintendent of Financial Institutions. Incidents of cybercrime — particularly ransomware attacks — have increased drastically since 2020, as criminals began to prey on people working from home due to the pandemic. A report by law firm McCarthy Tétrault found that ransoms and the resulting lost productivity cost Canadian organizations an estimated $5.1 billion in 2020 alone.
“Cyber insurance can help victims pay for many expenses related to cyber attacks, such as civil fines, legal damages, forensic investigations, data restoration costs and other expenses to restore their business operations,” Brennan said. “Before looking for cyber insurance quotes, business owners should take preventive actions to demonstrate to their insurance representative that they are a lower risk.”
Recommended steps that business owners can follow to help secure their data include:
- Enforce multi-factor authentication on login and network access;
- Focus on email security: enable attachment scanning, use external sender banners and train staff (or develop protocol) on spotting and containing malicious phishing attempts; and
- Run regular data backups and make sure the backups have unique credentials.
IBC conducted a similar survey in 2019 and has compared those results with the results of this most recent survey to look for trends in how small businesses (sole proprietors and those with up to 499 employees) are managing cyber security. The 2021 report has been published to coincide with Cyber Security Awareness and Small Business Month in October.