OTTAWA – The Canadian Internet Registration Authority this week released its 2019 Cybersecurity Survey Report which says a large percentage of Canadian companies and other organizations have been affected by cyber-attacks in the past year.
CIRA surveyed more than 500 individuals with responsibility over IT security decisions at both private and public sector institutions across Canada to learn more about how they are coping with increasing threats.
Key findings, reads the report, include:
- 71% of organizations reported experiencing at least one cyber-attack which impacted the organization in some way, including time and resources, out of pocket expenses, and paying ransom.
- While 96% of respondents said cybersecurity awareness training was at least somewhat effective in reducing incidents, only 22% conducted the training monthly or better.
- Only 41% of respondents have mandatory cybersecurity awareness training for all employees.
- 43% of respondents were unaware of the mandatory breach requirements of PIPEDA.
- Of those businesses that were subject to a data breach, only 58% reported it to a regulatory body; 48% to their customers; 40% to their management and 21% to their board of directors.
- 43% of respondents who said they didn't employ dedicated cybersecurity resource cited lack of resources as the reason. This is up from 11% last year.
- Among those businesses that were victimized by a cyber-attack, 13% indicated the attack damaged their reputation.
This perception is in contrast to the findings of another of CIRA’s recent reports, Canadians deserve a better internet, which indicated only 19% of Canadians would continue to do business with an organization if their personal data were exposed in a cyber-attack.
