Article content
Corporate cybersecurity incidents appear to be declining in Canada, but the recovery costs associated with such incidents has doubled, according to a new report from Statistics Canada: the Canadian Survey of Cyber Security and Cybercrime (CSCSC).
Ever since the COVID-19 pandemic, Canadian businesses have moved more of their operations online. The increased web presence has made them more vulnerable to cybersecurity attacks. Still, the proportion of companies that have fallen victim to cybercrimes has dropped, with about one in six (or 16 per cent) reporting cybersecurity incidents in 2023, down from 29 per cent in 2019 and 18 per cent in 2021.
Article content
Though the number of incidents declined last year, the amount of money companies spent on recovery efforts doubled between 2021 and 2023, to a total of $1.2 billion — up from $600 million in 2021.
“The trend of increasing recovery spending may indicate that, although a lower percentage of businesses fell victim to cybersecurity incidents, the financial consequences of being hit by incidents are becoming more severe,” says the report.
Despite the rising costs for recovery, only 56 per cent of businesses reported spending money on cybersecurity prevention and detection in 2023, down from 61 per cent in 2021. The amount of money spent on prevention and detection has remained relatively stable, rising from $9.7 billion in 2021 to $11.0 billion in 2023.
Meanwhile, only one in four Canadian businesses (26 per cent) reported having written cybersecurity policies in place, a number virtually unchanged since 2021.
According to the CSCSC, large businesses (those with more than 250 employees) had the greatest decline in cyberattacks (down seven per cent), though they remain the most likely targets for online criminals.
Article content
The report noted that certain methods of attack were significantly more prevalent, the most common being scams and frauds, which affected 50 per cent of Canadian businesses. Scam and fraud attacks increased by six per cent in 2023.
The method of attack with the most significant increase was identity theft, which now affects 31 per cent of companies, up 11 per cent since 2021.
Recommended from Editorial
The CSCSC has been collecting data on how Canadian businesses manage cybersecurity and the impact of cyberattacks since 2017. This latest survey sampled 12, 462 enterprises (approximately 5,000 large, 30,000 medium-sized and 170,000 small) and had a response rate of 71 per cent.
Bookmark our website and support our journalism: Don’t miss the business news you need to know — add financialpost.com to your bookmarks and sign up for our newsletters here.
Share this article in your social network
