Site icon IT World Canada

Canadian SMBs, employees criticized for poor cybersecurity practices

Image of a report card

Image by michaelquirk via GettyImages.ca

Employees at small and medium-sized Canadian organizations have been given a “C” rating for their knowledge of cyber safety and awareness.

The rating comes from the Insurance Bureau of Canada, which, after surveying 1,525 workers at companies with fewer than 500 employees, concluded firms have been slow to adapt to increasingly frequent and sophisticated cyber attacks.

Among what the bureau called “startling” findings:

Just under three-quarters of respondents (72 per cent) said they have done something that could allow a cybercriminal to gain access to their company’s computer systems. For example:

The survey results, called a Cyber Savvy Report Card, were released in advance of October’s cybersecurity awareness month.

To help raise awareness, the bureau launched cybersavvycanada.ca, to help small business owners and their employees better understand the threat of cyber attacks and what they can do to reduce their risk.

“Everyone has a role to play in reducing cyber threats in the workplace,” said Celyeste Power, the insurance bureau’s executive vice-president for strategic initiatives and advocacy. “While cyber insurance is an important backstop for businesses in the event of a cyber breach, it should be thought of as one component within a complete cyber risk mitigation strategy aimed at reducing an organization’s vulnerability to online threats.”

Employees may also underestimate the role they play in their organization’s cyber defences, the bureau said. It notes that 30 per cent of respondents said they don’t believe cybercriminals would target them at work, while 28 per cent of respondents said their employer is solely responsible for protecting their workplace from cyber threats.

Twenty-one per cent of respondents believe that most cyber breaches are minor and easy to resolve. “The reality,” the bureau said in a news release accompanying the results, “is that they can have a devastating financial impact.” Citing IBM’s latest annual cost of a data breach report, the bureau notes that in 2021, the average total cost of a data breach to Canadian organizations was an estimated $7.3 million.

The insurance bureau has a stake in the cybersecurity of customers with cyber insurance. As a result of rising claims and payouts, insurers have been raising premiums, restricting coverage, and demanding customers toughen their cyber defences, according to a global survey released last month.

Exit mobile version