As cyber breaches are becoming more prevalent and disruptive, only 39% of Canadian businesses are very confident in their ability to identify and fend off attacks, according to a KPMG Canada survey. The consulting firm polled 253 small- and medium-sized enterprises (SMEs) and 1,001 Canadians in September 2021.
The vast majority of businesses (94%) say they monitor their environments for potential cyberattacks, but only half (56%) regularly test their defences with cyber simulations.
Cybersecurity appears to still be fairly siloed off, with only 38% of respondents saying it is “deeply embedded” in all aspects of their business. The above companies integrate cybersecurity into all aspects of their governance and management processes, and also have a cybersecurity leader who plays a key role in their company.
“While many businesses have access to many of the cybersecurity tools they need, it is critical that they integrate them into their operations at every level, as an attack can come from anywhere,” said Hartaj Nijjar, partner, cybersecurity, KPMG Canada. “If you don’t have the right security controls embedded by design, you’ll be more exposed.”
Most companies have dedicated cyber staff in-house, with two-thirds having IT staff partially or fully devoted to cybersecurity. However, outsourcing of the cybersecurity function is still a popular option for SMEs, with 51% partially outsourcing cybersecurity and 23% fully outsourcing to managed services providers.
The consumer perspective
The majority of Canadians (93%) are concerned or leery about sharing their personal or financial information with any organization that has had a cyberattack or data breach. This ups the stakes for companies to have strong cyber defences, as many strategies for continued competitiveness involve leveraging customer data to create smarter operations and stronger customer experiences. Getting that data involves maintaining consumer trust through a track record of cyber resilience.
Three quarters (78%) of Canadian consumers worry about their data being stolen in a cyberattack on their banks, retailers, internet providers, and governments. To help boost security, half (52%) would support the use of authentication measures such as biometric scans (fingerprint, voice, etc.) to access government or business services.