A new survey finds that half of Canadian business executives say their company was hacked last year, a sign of the new reality of doing business in a connected world, says accounting, tax and business consulting firm MNP LLP, which commissioned the survey.
The survey of 1,000 small business owners and 100 executives at larger (100+ employees) companies found that almost 60 per cent either suspect or know for certain that they were the victims of hackers during the past year. Half of polled executives revealed that they know they were hacked while another three in ten said they suspect that it occurred but couldn’t say for certain.
“It is a reality of doing business now: hackers will get in,” says Greg Draper, Vice President of Valuations, Forensics and Litigation Support at MNP and former RCMP investigator, in a press release. “Canadian businesses are poorly equipped to deal with cyber-attacks.”
Yet even with so many security breaches, business owners and executives still claim that their companies — and their customers’ private information — are secure. Eight in ten said they feel confident that they can block hackers’ attempts to gain confidential information and a full 93 per cent feel confident that they can protect customer data.
Draper says the sentiment is misguided. “There is a significant gap between the perceived preparedness of businesses and the number of data breaches occurring,” says Draper. “The number and sophistication of hackers is growing at light speed, but businesses are not evolving their prevention and detection strategies at the same rate.”
The survey found that just a little over half (54 per cent) of respondents said their businesses use cyber security measures like firewalls, a “startling find,” says Draper. “I think some still see it as discretionary spending, rather than a necessity. But this way of thinking is going to change drastically as cyber-attacks continue to escalate in frequency and severity,” says Draper.
The new information comes as the Canadian federal government plans to usher in new rules for businesses which will require them to divulge cyber security breaches as soon as they become aware of them. A critical but up until now missing component of Canada’s privacy and security measures, the new regulations fall under the Digital Privacy Act passed in 2015 and will force companies to immediately report system breaches and state exactly what information was compromised in the breach.
While the new regulations have been forecasted for some time now, Monique Moreau, vice-president of national affairs for the Canadian Federation of Independent Business says that the vast majority of Canadian businesses are still unaware of the upcoming regulations and she hopes the government will initiate a grace period for first-time offenders. “What we’re always emphasizing is education before enforcement,” said Moreau to the Ottawa Citizen. “For a vast majority of business owners, the first time they will hear about this is when this happens to them.”
Cyber attacks against small and medium-sized businesses in Canada have risen 44 per cent over the past two years, according to a study by cloud security company Scalar Decisions Inc. Scalar Decisions says ransomware is on the rise, a form of cyber attack where the hacker locks a company’s digital information until a ransom has been paid, yet only 21 per cent of those companies hit by ransomware attacks actually reported them to authorities. “The increase in incidents and decreasing confidence we are seeing coincides with the growing sophistication, severity and cost of attacks,” says Ryan Wilson, chief technology officer at Scalar