CALGARY—More than half of Canadian small business owners know or suspect their company was hit by external hackers last year—and larger corporations may be under an even greater threat.
According to a recent Ipsos survey, 23 per cent of business owners are certain they were the victim of a cyberattack in 2016, while another 32 per cent suspect that they may have been.
The survey, commissioned by consulting firm MNP LLP, polled 1,000 small business owners as well as a relatively small sample of more than 100 C-suite executives.
The executives reported that the cyber threat is even more significant for larger corporations—51 per cent were certain their company was victimized, while another 31 per cent suspected they may have been.
“It is a reality of doing business now: hackers will get in,” said Greg Draper, a former RCMP investigator and current vice-president of Valuations, Forensics and Litigation Support at MNP, in a statement.
“Canadian business are poorly equipped to deal with cyber-attacks,” he added, pointing to some contradictory data.
Despite being attacked, an overwhelming number businesses are confident they can fend off hackers.
93 per cent of respondents said they are confident they can protect customer data, while eight in 10 think they can prevent online hackers from obtaining or blocking access to confidential information.
“There is a significant gap between the perceived preparedness of businesses and the number of data breaches occurring,” Draper said. “The number and sophistication of hackers is growing at light speed, but businesses are not evolving their prevention and detection strategies at the same rate.
“Developing an effective defense against external fraud is an exercise in continuous improvement, not just set-it-and-forget-it. That’s the part that businesses are missing here.”
Meanwhile, how Canadian businesses report cyberattacks is poised to change.
For years, companies have been able to choose whether or not to go public when they are hacked, but upcoming changes to Canadian privacy law are expected to take away that option, forcing businesses to admit when they’ve been breached.
With customer confidence, potential legal action and other issues on the line, Draper anticipates the new regulations will mean more companies will need to take a proactive approach to addressing cyberattacks.
You can read the fully study here.