Is your cyber security up to the task?

Research from KPMG in Canada indicates that more than nine in 10 (94 per cent) small- and medium-size Canadian companies say they surveil for potential cyberattacks but only half (56 per cent) actually test the effectiveness of their cyber-defences, and less than two in five feel they can fully detect and fend off cyberattacks. KPMG’s Cyber Security Poll surveyed business owners or decision makers at primarily medium-size business and 1,000 Canadians for their views on how well companies can defend themselves from the growing threat of cyberattacks and address consumer expectations.

The poll research revealed that few companies integrate cyber security into their governance and management processes, and few companies are adequately prepared to ward off a cyberattack. Only 38 per cent say cyber security is “deeply embedded” into all aspects of their business, and only 39 per cent are “very confident” in their ability to detect and respond to an attack.

“While many businesses have access to many of the cyber security tools they need, it is critical that they integrate them into their operations at every level, as an attack can come from anywhere,” says Hartaj Nijjar, partner, cyber security, KPMG in Canada.

“If you don’t have the right security controls embedded by design, you’ll be more exposed,” adds Nijjar. “With cybercrime intensifying, Canadian businesses need to make this a priority to protect not only their own data but that of their customers.

Consumers are paying much closer attention to the risks and are holding companies to account for protecting their data. Our poll research shows that companies could be doing more to improve their cyber security culture.”

Key survey highlights:

94 per cent of small- and medium-size businesses say they monitor their environments for potential cyberattacks
Just 39 per cent say they are “very confident” in their ability to detect and respond to a cyberattack, and 59 per cent are “somewhat confident.” The remaining two per cent are “not confident at all”
The “very confident” group falls to 35 per cent in British Columbia and 33 per cent in both Alberta and Quebec, and jumps to 44 per cent in Ontario
56 per cent have developed comprehensive playbooks and run through cyber simulations regularly, while 44 per cent have not or do not do this
Only two in five (38 per cent) say cyber security is “deeply embedded” in their business. These companies integrate cyber security into all aspects of their governance and management processes, and they have a cyber security leader who plays a key role in their company
56 per cent said cyber security is “somewhat embedded” into all aspects of their business, that is, it’s weaved into some of their governance and management processes but not all of them
Nearly half (48 per cent) plan to increase their cyber security budgets by up to 20 per cent in the next 12 months, while one third plan to increase cyber spending by less than five per cent over the coming year.
The poll also finds that while two-thirds of SMEs have IT staff partially or fully devoted to cyber prevention, slightly more than half (51 per cent) also partially outsource or co-source their cyber security functions. Nearly a quarter (23 per cent) fully outsource through qualified managed service providers.

The poll also finds that while two-thirds of SMEs have IT staff partially or fully devoted to cyber prevention, slightly more than half (51 per cent) also partially outsource or co-source their cyber security functions. Nearly a quarter (23 per cent) fully outsource through qualified managed service providers.

Canadians worry about cyberattacks

Canadian consumers, meanwhile, remain highly concerned about cyberbreaches. Ninety-three per cent “are concerned or leery” about sharing their personal or financial information with any organization that’s had a cyberattack or data breach, up from 90 per cent in 2020. And nearly eight in 10 (78 per cent) worry about their personal data being stolen in a cyberattack on their financial institutions, retailers, wireless/internet providers and governments.

Since the start of the pandemic, there’s been a huge spike in ransomware, as well as phishing and social engineering attacks in general. Our cyber security poll revealed that 49 per cent of SMBs successfully migrated some business processes into the cloud during the pandemic (as it was a top priority), while 40 per cent have invested in or implemented additional access management protections to their data, including multi-factor authentication and password-less authentication.

For more insights into how businesses can build a strong cyber security culture and cyber defense strategy, read Cyber security in a post-pandemic world, by Hartaj Nijjar and Guillaume Clément, partner, Cyber Security, KPMG in Canada.