Cybersecurity: Where Do Canadian Companies Stand?

Written by NOVIPRO.

The widespread adoption of remote work has disrupted Canadian companies’ cybersecurity practices. However, according to the latest IT Landscape in Canadian Small, Medium, and Large Enterprises 2023 report, few companies appear ready to invest more in protecting their and their clients’ data despite rapidly evolving cyber threats. Let's take a closer look at this worrisome trend.

According to the seventh study conducted by Groupe NOVIPRO and Leger, companies cited remote work (65%) and the labour shortage (56%) as the main drivers for reviewing their security practices.

Firstly, the pandemic forced companies to adopt remote work, increasing security risks as remote employees became more vulnerable to attacks such as phishing and ransomware. Secondly, the labour shortage compelled companies to accelerate their digital transformation, which created new cybersecurity risks. Given this reality, companies should be more vigilant than ever and adopt more rigorous cybersecurity practices to protect their own data and that of their customers.

The time to take cybersecurity seriously is now

Astonishingly, nearly 25% of surveyed companies say they have been targeted by a cyber threat, with a quarter of them incurring costs exceeding $500,000. Despite these figures, only 41% of the organizations surveyed plan to invest in data confidentiality in the coming year (33% in backup, 29% in awareness, and 26% in vulnerability).

Furthermore, respondents perceive their organizations as less well protected than before against cyber threats, including data breaches, viruses, intrusions, data theft, and service denials or interruptions. As the study concludes, "it is concerning to note that a majority of the respondents still feel well protected against hackers.”

Negligence when it comes to sensitive data

The results of the Leger survey also reveal that 43% of companies would not inform their clients of a data breach. This is an alarming level of negligence, especially considering that Quebec’s new Bill 25 requires all private businesses to disclose any cyber-attack or incident threatening the confidentiality of sensitive data. Bill C-27 in Canada also modernizes legal provisions regarding the protection of personal information. Laws are essential for building trust in the market, and companies must adapt to these new digital realities to protect their own data and that of their clients.

Embracing better practices

In order to reduce risks, it is vital that Canadian companies of all sizes implement rigorous cybersecurity practices.

Cybersecurity training should be mandatory for all employees, focussing on appropriate use of company data, what to share or not, and with which tools. Companies would also benefit from investing in solutions to minimize the costs associated with ransomware attacks, data theft, or network compromise. Cyber insurance can help these organizations avoid the financial consequences of cybercrime.

Additionally, companies should conduct regular security audits to assess their level of preparedness and establish a business continuity plan to minimize losses in the event of an incident. Finally, a data governance system is critical for ensuring security and access to information.

Unfortunately, the latest IT Landscape report reveals a significant decline in some of these essential cybersecurity practices since the first year of the study. For example, less than one in three companies have conducted a security audit in the past year, and the number of companies with business continuity plans in place has similarly decreased.

That said, beyond these best practices, governments and authorities have a role to play in adopting laws and regulations adapted to today’s cybersecurity challenges. It is in the interest of every actor in civil society to collaborate closely to protect peoples’ sensitive data.

In doing so, businesses can strengthen their positions in the market and demonstrate that cybersecurity is more than just an expense to them - it shields their employees, clients, and suppliers.

And it protects their reputation.