Cyber Security Awareness Month starts with disappointing Canadian survey

Few Canadian firms are prepared to face most cyber attacks, if a new poll of 253 small and mid-sized firms is to be believed.

Fewer than two in five respondents to the online survey by KPMG Canada, released on the eve of Cyber Security Awareness Month — which starts today —  believe they can fully detect and fend off cyberattacks.

In addition, only just over half (56 per cent) said their firm tests the effectiveness of their cyber-defences.

“For the most part Canadian companies – and this is not unique to Canada – aren’t prepared as they should or could be for cyber attacks,” Hartaj Nijjar, a partner in KPMG’s cybersecurity practices, said during an interview about the results.

“It’s a reflection of the challenge organizations are facing.”

“I think there is a long way to go. It’s a journey and there’s more that could be done with respect to the amount of funding organizations reserve for cyber. It’s receiving more attention now. It could receive more,” he said. “It’s going to take time, it’s going to take more awareness and training, and, frankly, it’s going to take more funding.”

“The challenge of cyber is not an easy one,” he added. “The larger the digital footprint of an organization the more difficult it becomes. Particularly organizations that have legacy systems with lots of interconnections and they’re making acquisitions, the problems become that much more difficult.”

Among other survey results

–only 38 per cent of respondents said cyber security is “deeply embedded” into all aspects of their business;

–just 39 per cent said they are “very confident” in their ability to detect and respond to a cyberattack, while 59 per cent were “somewhat confident;”

–48 per cent of respondents plan to increase their cyber security budgets by up to 20 per cent in the next 12 months. One-third plan to increase cyber spending by less than five per cent in the same period.

In fact, Nijjar said some of the responses “were a bit optimistic.”

“When we visit our clients I struggle to think of more than a handful that would suggest cybersecurity is deeply embedded into all their business,” he said. “They consider cyber at different stages and projects, but it’s not deeply embedded.”

While just over half of respondents said their firm has incident response playbooks, Nijjar said few of these documents are expansive enough. Often they cover commonly reported attacks including ransomware, phishing, and distributed denial of service attacks. “But what we find they are not necessarily paying attention to are non-common types of attacks.”

And while 94 per cent of respondents said their firm monitors their environments for potential cyberattacks, Nijjar though that number is “obviously too high.” Few fit his definition of monitoring, which includes watching for “a myriad of different attacks, constantly turning your monitoring controls. “

When it was suggested the results are a glum beginning for this year’s Cybersecurity Awareness Month, Nijjar said “it could certainly look better.

“Even though for me some of the numbers are a little bit optimistic, I think it’s a relatively fair reflection” of the preparedness today of Canadian organizations.

Recommended actions

Nijjar said three things need to be done to improve the cybersecurity maturity of organizations:

–solve the shortage of people with cybersecurity skills;

–the importance of cybersecurity to the organization needs to be pushed from C-suite down;

–focus on core security fundamentals including patching, identity and access control and vulnerability management instead of new products.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now