More than one in five Canadian companies say it was impacted by a cyber-attack last year according to a Statistics Canada survey from 2018.
These attacks affect all industries – healthcare, retail, entertainment, and finance.
They are making Cyber Security an increasingly pressing priority for businesses. Regulatory requirements are becoming more and more stringent.
In that light, one might ask, are Canadian businesses doing enough to keep up?
According to that same Statistics Canada report, businesses in Canada have already spent $14 billion on cyber security to confront the risk in the digital world. That’s why the Canadian Advanced Technology Alliance (CATA) today launched an advocacy campaign today calling for all political parties to adopt incentives that share the cost of implementing new and improved cyber security measures by Canadian business.
According to CATA, this policy incentive would “allow Canadian based companies to recoup a percentage of the cost of their investment in cyber security technologies and services.”
CATA asserts that if this is done right “this sharing of cost should help to increase the number of firms getting serious about security.”
Further, if it were focused on Canadian sourced solutions, it would “also stimulate the growth of domestic suppliers, vying for local and global markets”.
The call for all federal political parties to support the development of incentives that share the cost of implementing new and improved cybersecurity measures by Canadian business responds to preliminary survey results from a multi-sector CATA Cybersecurity Study. Full results of the Study entitled “Cybersecurity in an Industry 4.0 Environment” are expected to be announced in the summer, along with cyber awareness workshops.
CATA CEO John Reid notes that there is a precedent for this type of assistance. “We see this kind of tax break as being similar to tax incentives to invest in new technologies and techniques to improve manufacturing or assistance for firms to carry out research and development and create better products.”
Moreover, government studies have acknowledged that support is needed.
One of the recommendations from a Canadian Senate report of October 2018, is “… businesses should be given incentives to invest in cyber security improvements, for example, by making these investments tax deductible”.
CATA notes that ”governments around the world are driving some of the increased security demands as they set more demanding standards for online security, some assistance to meet those goals only seems fair.”
They also point out that other governments are recognizing the need to provide support, citing that the U.S. State of Maryland has created a Cyber Tax Credit which encourages its firms to get serious about cyber security adoption and to boost the creation and growth of cyber enterprises.
The fact is that security has become a very expensive line item for many businesses. Statistics Canada reports that Canadian companies spent $8 billion on cyber security staff and contractors, $4 billion on related software and hardware and $2 billion on other prevention and recovery measures.
Not surprisingly, the Canadian banks are the big spenders, making some large investments. But smaller organizations without these types of budgets are struggling to keep up, looking for creative and effective ways to invest in cyber security initiatives.
Recently, the Toronto Police Service decided to partner with start-ups and adopted their agile management techniques for developing projects. Shawna Coxon, Deputy Chief Priority Response Command, coined this process “radical collaboration”. It can go as far, she says, as “working with hackers”.
But creativity can only go so far. Businesses are looking for additional support.
According to CATA Director of Research & Managing Partner, Sciencetech, Jean-Guy Rens, “One of the most common complaints reported by survey participants was the lack of support from governments for cyber security adoption.”
Rens added, “Aside from boosting risk awareness, we importantly want to provide people with the tools that help prevent and contain attacks. This assistance would help cover costs for measures such as firewalls, anti-spam software, improved encryption of data and many other measures such as training staff to be more aware of security issues. The human factor is the weakest link in security. Breaking into a network often happens when an unsuspecting employee clicks an innocent-looking email link. Proper training of staff can create a much more secure company, the overall result is better protection of consumer and corporate data.”
There is merit to the idea that spending in this area can have a spillover benefit to the economy.
RBC, TD, Scotiabank, Canadian Imperial Bank of Commerce, Bank of Montreal and Desjardins collectively invested $27M in SecureKey’s digital identity ecosystem.
RBC also invested $1.78M in 2018 in a new cyber security lab and research at the University of Waterloo and a $2M investment on research into AI-based cyber security.
While some of these involve international companies, the net result is still an increase in Canadian economic activity.
This year, for example, security vendor Trend Micro, having already made large investments in the Ottawa area and established a new research centre in Toronto’s Liberty Village.
CATA’s Rens concluded, “Cyber security is a multi-billion-dollar global industry. Canada should be seen as a leader in cyber security adoption as we compete for our fair share of this fast growth, mission-critical marketplace.”