More than nine in 10 (94 per cent) small- and medium-sized Canadian companies say they surveil for potential cyberattacks but only half (56 per cent) actually test the effectiveness of their cyber-defenses, and less than two in five feel they can fully detect and fend off cyberattacks, finds new research from KPMG in Canada.
KPMG's 2021 Cyber Security Poll recently surveyed business owners or decision makers at primarily medium-sized business and 1,000 Canadians ahead of Cyber Security Awareness Month for their views on how well companies can defend themselves from the growing threat of cyberattacks and address consumer expectations.
The poll research revealed that few companies integrate cyber security into their governance and management processes and are adequately prepared to ward off a cyberattack. Only 38 per cent say cyber security is "deeply embedded" into all aspects of their business, and only 39 per cent are "very confident" in their ability to detect and respond to an attack.
"While many businesses have access to many of the cyber security tools they need, it is critical that they integrate them into their operations at every level, as an attack can come from anywhere," says Hartaj Nijjar, Partner, Cyber security, KPMG in Canada. "If you don't have the right security controls embedded by design, you'll be more exposed."
"With cybercrime intensifying, Canadian businesses need to make this a priority to protect not only their own data but that of their customers. Consumers are paying much closer attention to the risks and are holding companies to account for protecting their data. Our poll research shows that companies could be doing more to improve their cyber security culture."
The poll also finds that while two-thirds of SMEs have IT staff partially or fully devoted to cyber prevention, slightly more than half (51 per cent) also partially outsource or co-source their cyber security functions. Nearly a quarter (23 per cent) fully outsource through qualified managed service providers.
Canadian consumers, meanwhile, remain highly concerned about cyberbreaches. Ninety-three per cent "are concerned or leery" about sharing their personal or financial information with any organization that's had a cyberattack or data breach, up from 90 per cent last year. And nearly eight in 10 (78 per cent) worry about their personal data being stolen in a cyberattack on their financial institutions, retailers, wireless/internet providers and governments.