More than one in five Canadian companies say they were impacted by a cyberattack last year, with businesses spending $14 billion on cybersecurity as they confront greater risks in the digital world, according to a new Statistics Canada survey.
The most common suspected motive was an attempt to steal money or demand a ransom payment, according to the survey. Theft of personal or financial information was less typical — less than one-quarter of the cyberattacks — though it was the most cited reason for investing in cybersecurity, StatCan said.
“Canadian businesses continue to rapidly embrace the Internet and digital technologies, which expose them to greater cybersecurity risks and threats,” the agency said in a release Monday.
“However, the impact of these risks and threats on the investment and day-to-day decisions of businesses are not easily understood as cybersecurity incidents often go unreported.”
Only 10 per cent of businesses affected by a cyberattack reported it to law enforcement agencies last year, StatCan said.
Companies shelled out $8 billion on cybersecurity staff and contractors, $4 billion on related software and hardware and $2 billion on other prevention and recovery measures, the survey found. The total represented less than one per cent of their total revenues.
Large businesses — those with 250 or more employees — were more than twice as likely as small ones — between 10 and 49 employees — to be apparent targets, according to the report. It said the attacks resulted in an average of 23 hours of “downtime” per company in 2017.
Data breaches have become a familiar feature on the corporate landscape. Last week, Facebook said an attack on its computer systems announced two weeks earlier had affected 30 million users.
In August, some 20,000 Air Canada customers learned their personal data may have been compromised following a breach in the airline’s mobile app.
Last year, Equifax Inc. said approximately 100,000 Canadian consumers may have had their personal information compromised in a massive cyberattack on the credit data company.
In the past three years, millions of consumers have been affected by hacks against a panoply of companies including British Airways, Uber, Deloitte, Ashley Madison and Walmart.
Theo Van Wyk, head of cybersecurity at IT services provider Scalar Decisions, said earlier this year that more security staff and software haven’t stemmed the tide of cyberattacks.
“As cybersecurity breaches become the new normal, organizations can’t be complacent,” he said. “The rising number of high-impact breaches coincides with the increasing costs of recovery.”
Data for the survey — the first of its kind in Canada — were collected between January and April 2018, with a sample size of 12,597 businesses and a response rate of 86 per cent.
Christopher Reynolds, The Canadian Press