FOR IMMEDIATE RELEASE
WINDSOR NS, October 25, 2021 — A recent Cyber Security and Business Survey revealed nearly two thirds (61 per cent) of businesses have experienced a cyber security incident, yet almost three-quarters (74 per cent) of businesses didn’t report it. Delivered through a partnership between the Canadian Centre for Cyber Security (the Cyber Centre) and the National Chambers Insight Community (NCIC), which comprises the provincial and territorial Chambers of Commerce across Canada, the Cyber Security and Business Survey was conducted to identify how prepared businesses are for cyber security threats. The findings of this survey will help inform future education offerings, resources, and programs from the Cyber Centre for small- and medium-sized businesses and increase awareness of those programs and resources on a national level.
Of the 468 respondents, only 46 per cent have an employee responsible for managing day-to-day IT security for their organization. Over two-thirds of businesses do not know that the federal government provides resources and tools to combat cyber security threats.
“At a time when many businesses have needed to pivot their businesses to online in order to better navigate the pandemic, we are very pleased to be working with the Cyber Centre and our provincial and territorial partners to identify the education, tools and resources needed to better protect small-and medium-sized businesses across the country from cyber threats,” said Sheri Somerville, CEO of the Atlantic Chamber of Commerce. “We are hopeful that the survey findings will result in new and innovative tools and resources to educate and prepare businesses for cyber threats so that they can operate confidently knowing that their people and assets are protected.”
While 72 per cent of responding businesses rated their level of cyber security knowledge as average, above average, or expert, many have experienced a cyber security incident. Eighty-eight per cent reported having a good or strong sense of what items, assets, or devices require protection in their organization.
“Small- and medium-sized businesses are critical to Canada’s economy, and a key part of the Cyber Centre’s mandate is to make its services available to them,” said Sami Khoury, Head of the Cyber Centre. “We work with partners like the NCIC to better understand their members’ needs. By working together, these efforts help us to offer innovative cyber security tools and resources that help Canadian businesses stay safe online.”
Key Findings: Day-To-Day Business Operations
Of the 468 responding businesses:
- 46 per cent have an employee responsible for managing day-to-day IT security for their organization.
- 18 per cent have an employee dedicated to IT, and 28 per cent outsource the responsibility to an IT firm.
- 47 per cent do not own intellectual property (IP) that would be valuable to a competitor if stolen.
- For the businesses who own valuable IP, the top value items are business plans (28 per cent), propriety data sets (24 per cent), and project management plans (18 per cent).
- 88 per cent have a good sense of what items, assets, and/or devices require protection in their organization
- 36 per cent of businesses periodically review their items, assets and/or devices as a priority.
Key Findings: Cyber Security Knowledge
Of the 468 responding businesses:
- 72 per cent would rate their level of cyber security knowledge as average, above average, or expert.
- 61 per cent have encountered a cyber security incident before, however, 74 per cent of that group did not report the incident.
- The top cyber security incidents encountered by organizations are phishing (49 per cent) and malware (30 per cent).
- The most common cyber security technical measures applied in organizations are:
- System and information backups for all devices (75 per cent)
- Software updates and patching (71 per cent)
- Administrative access (50 per cent)
- Google cloud is the most common cloud service among businesses (36 per cent).
- 25 per cent of businesses do not use cloud services. Thirty-four per cent of that group plan to move to cloud services over time.
- The most common cyber security business practices implemented in organizations are:
- Password and account management policies (62 per cent)
- Document security (62 per cent)
- Physical access control (49 per cent)
-30-
About the National Chambers Insight Community
The National Chambers Insight Community (NCIC) is owned and operated by the provincial and territorial (P/T) chambers in Canada, who work with their 450 member chambers to access more than 200,000 businesses in Canada. Together, they use their network and the NCIC platform in each province and territory to gather robust, ground-level intelligence about businesses large and small, from every sector and in every demographic in Canada in near real-time via the following online insight communities: BCMindReader.com, AlbertaPerspectives.ca, InputSask, MB Pulse, L’Observatoire, and Atlantic Impressions. These communities collectively include 5,500+ engaged business leaders across Canada that provide insight into municipal, provincial, territorial, and federal economic landscapes, to voice concerns and opportunities for businesses.
Media Contact
patti@atlanticchamber.ca
About the Canadian Centre for Cyber Security
The Canadian Centre for Cyber Security (the Cyber Centre) is part of the Communications Security Establishment. It is the single unified source of expert advice, guidance, services, and support on cyber security for government, critical infrastructure owners and operations, the private sector and the Canadian public. With the Cyber Centre, Canadians have a clear and trusted place to turn to for cyber security issues. You can learn more about the Cyber Centre at cyber.gc.ca.
Media Relations
Communications Security Establishment
media@cse-cst.gc.ca
