One quarter of Canadian companies experienced a cyberattack in 2021 and more than half (56 per cent) ended up paying the ransom demanded by the hackers, according to Leger survey commissioned by technology firm NOVIPRO.
The study also found that one third of the companies who were a victim of a cyberattack hired a negotiator while 23 per cent decided to handle the situation without using a third party.
The cost of the attacks was substantial with 42 per cent of the companies surveyed reporting cost of $250,000 to more than a $1 million.
Manufacturing respondents to the survey were particularly worried with 62 per cent saying they were concerned about cyberattacks since the implementation of the hybrid work model.
Even though employees represent the biggest risk when it comes to cybersecurity threats – whether they are acting maliciously or simply making an honest mistake – the percentage of companies that have provided training to their teams has been steadily declining for the past three years, the survey found. This trend shows no sign of slowing as only 40 per cent of respondents are planning to provide cybersecurity training to their teams this year. Moreover, only a small percentage (13 per cent) of companies that did not offer training to their staff in 2021 plan to do so next year.
Companies hit by a cyberattack say that internal resources were the most significant source of cyber threats (53 per cent). Among these attacks, 31 per cent were of malicious intent and 22 per cent were triggered unintentionally, for example by clicking on a fraudulent link. A bit more than quarter (27 per cent) of the attacks originated from an external source while 13 per cent originated from partners, suppliers and customers.
Less than half the companies surveyed claimed to be very well protected against various types of cyberattacks. To prevent a potential data leak, 39 per cent of respondents reported having encrypted their company data while 38 per cent had installed malware protection.
Ontario ranked first among the provinces targeted by cyberattacks in 2021 (cited by 29 per cent of survey participants) followed by Quebec (24 per cent of survey participants).
