Cybersecurity incidents reported in Canada and across the globe continue to grow at an alarming pace. This has only been heightened by the COVID-19 global pandemic with many organizations switching to remote working overnight. The potential effects to businesses resulting from a major cybersecurity incident can include financial loss, operational disruption, and reputational harm, not to mention lengthy regulatory investigations and litigation. Familiarizing oneself with the types of cyber threats that an organization faces is a key factor in being prepared for a cybersecurity incident.
Canadian Cybersecurity Trend Highlights
Unfortunately, there is a scarcity of current and reliable Canada-specific data when it comes to the types of cyber threats that organizations face, their frequency, impact, and other indicators that assist organizations in preparing for a potential cybersecurity incident. Blakes LLP has provided a detailed report, but here’s a breakdown of the key highlights:
- Financial, health and professional services are more likely to be targeted by hackers given the quantity of sensitive information they hold (including personal information of employees and customers they hold)
- Ransomware (35%) and Business Email Compromise (24%) attacks were the top two cyber threats in 2019
- More than half (53%) of organizations that were the victim of a ransomware attack opted to pay a ransom
- Top three impacts of a major cybersecurity incident were operational disruption (33%), financial loss (25%) and negative impact on relationships with business (21%)
- Since November 1, 2018, when the federal mandatory breach notification came into force, there has been a six-fold increase in privacy breaches reported to the Office of the Privacy Commissioner of Canada
- Only 29% of organizations had an effective Cybersecurity Incident Response Plan (CIRP) that they used to respond to the cybersecurity incident
- Less than a third (31%) of organizations reported a cybersecurity incident to law enforcement
- A little over 10% of publicly listed companies have indicated that they have standalone cyber insurance in place
- Only 41% of publicly listed companies indicated they had some sort of internal cybersecurity policy in place
- About a third (31%) of publicly listed companies indicated they have a committee in place responsible for actively overseeing the organization’s cybersecurity management.
For the full Blakes LLP report click here.
For further information or to seek advice about specific situations, please drop us a line below.