Many Canadian SMBs underestimate ransomware: Vendor survey

Many Canadian SMBs are underestimating the threat of ransomware, if a survey by business continuity vendor Datto Inc. of their managed service providers is accurate.

The recent survey of 250 managed service providers (MSPs,) partners and customers with Datto solutions found they believe only one-third of small and medium business in this country are “highly concerned” about ransomware.

However, 83 per cent of MSPs said their clients were struck by ransomware in the past two years, and 37 per cent said their customers suffered multiple ransomware attacks on the same day. By comparison, 65 per cent of MSPs said their customers were hit by viruses and 56 per cent were struck by spyware.

One-third of respondents said poor user practices or gullibility was responsible for customer cyber security vulnerabilities, while 29 per cent said customers suffered from lack of end-user awareness training and an equal number suffered from weak passwords or weak access management.

In an interview Datto CISO Ryan Weeks said answers to some questions — such as the belief that only 33 per cent of customers are highly concerned about ransomware — were estimates by managed service providers of their customers. However, he said MSPs — which include IT solution providers as well as managed security service providers — are a “barometer” of what is going on in customer environments.

The Canadian survey was part of a global survey of Datto’s MSP customers.

Among the more interesting findings, Weeks said, is that on average ransom demands are higher in Canada than in other countries surveyed (an average of US$6,600 per incident here compared to an average US$4,300 elsewhere). It suggests criminals think they can squeeze more money out of companies here, he said.

Meanwhile the average cost of downtime was estimated by MSPs at US$49,500, higher than the average in other countries surveyed.

Another surprise to Weeks is how ineffectual anti-virus solutions appear to be. Eight-five per cent of respondents said their victim customers had AVsoftware; 69 per cent said victim customers had email filters. “That’s definitely a headscratcher,” Weeks said. He guessed “legacy” AV isn’t catching threats that are better disguised by attackers.

A full ransomware response plan needs prevention, detection, communications, data recovery and post-incident analysis, says the report.

Read highlights of the report here. Registration required.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now