Small businesses are the backbone of the Canadian economy. They account for almost all of the private businesses in Canada and employ more than two-thirds of Canada’s private-sector labour force, according to Innovation, Science and Economic Development Canada. They’ve also been responsible for nearly seven out of 10 net new jobs created in recent years and contribute more than one-third of Canada’s GDP.
More than 100,000 small businesses are born every year, despite the many challenges they face, such as inflation, rising interest rates and supply chain disruptions. But there’s another significant challenge that can directly threaten their survival that doesn’t always get the attention it deserves: the growing risk of cyberattacks.
Cybercrime has increased more than six-fold since the start of the pandemic. Mastercard research shows that small and medium-size businesses are just as likely to be targets of cyber criminals as large enterprises, if not more so, because of the limited resources they have to defend themselves. Businesses less than five years old tend to report a higher rate of being hacked, with the loss of highly sensitive financial employee and credit or debit card information.
For most small businesses, it’s not a question of whether they’ll be the victim of a cyberattack, but when, and what’s next? Unfortunately, too many businesses don’t take steps to improve security until after an incident occurs, by which time the damage has been done.
Not only can a cyberattack cripple a business’s ability to operate, they can also harm the relationship between a business and its customers. Four out of five consumers in North America say that if they don’t trust a company to protect their data, they won’t buy from them, no matter how great their products or services are.
In a recent Mastercard survey of more than 2,000 Canadian consumers ahead of Cybersecurity Awareness Month, data protection measures were identified as one of the most important factors influencing customer perceptions of small business security and trustworthiness. Other significant factors were a business’s accountability for any breaches and transparency about previous cyber incidents.
Even for businesses that do eventually recover and are able to restore trust with their customers, many have to increase their prices to cover the additional costs incurred dealing with a cyberattack, which can put them at a competitive disadvantage.
The good news is that more than half of businesses have implemented some security solutions, such as using antivirus software and firewalls, or have conducted a digital risk assessment. The bad news is that they often neglect to take ongoing action, leaving them vulnerable to cyber risks that are constantly evolving and growing.
As part of our recent survey, we also asked 300 small business owners across Canada about their state of readiness to defend themselves from cyberattacks. Many said they struggle to invest in the cybersecurity tools they need to protect themselves. Barely one in six said they feel certain they know the best steps to take following a cyberattack, and only about one in five said they are totally confident their business would recover fully within six months of an attack.
As a global technology company in the payments industry, we know that a robust and transparent cybersecurity plan is essential for small businesses to uphold their reputation and maintain their long-term resilience. Businesses should be designing security measures into their processes from the outset and be proactive about cyber risk, with continuous vulnerability scanning and regular training of their employees.
We also know that for many small businesses, this is often easier said than done.
Cybersecurity appears scary and monolithic, but it needs to be actionable. Ingraining cybersecurity tools into business right from the start not only ensures protection, but shows consumers how important their personal data and information is to the business and that it is taking every measure to lower the risk of fraud.
Yet, as more and more business is conducted digitally, the risk of cyberattacks is increasing. It’s essential small businesses have the tools and support they need to protect themselves and their customers from the rising threat posed by cyber criminals. Ultimately, businesses should be loud and proud about their cybersecurity measures.
Governments and the private sector also all have a role to play. For our part, we’ve partnered with the Canadian Federation of Independent Business (CFIB) to deliver the Cybersecurity Academy, which provides short lessons and free tools tailored to the needs of small businesses. We’ve also partnered with Digital Main Street to release a tailored video course to educate small and medium-sized enterprises on cybersecurity.
Canada’s success and prosperity depends on small businesses that succeed and prosper. More than eight million Canadians rely on them for their jobs. Millions more look to them to deliver the goods and services they want. We must not leave them on their own to try to protect their operations from increasingly sophisticated cyberattacks.
