Canadian companies have strong cyber security protocols in place, but lag in testing their effectiveness: KPMG in Canada

As Canadians worry about cyberattacks, new poll research finds less than half of businesses are very confident in their ability…

As Canadians worry about cyberattacks, new poll research finds less than half of businesses are very confident in their ability to spot and fend off a major cyber breach

TORONTO, Sept. 28, 2021 /CNW/ – More than nine in 10 (94 per cent) small- and medium-sized Canadian companies say they surveil for potential cyberattacks but only half (56 per cent) actually test the effectiveness of their cyber-defenses, and less than two in five feel they can fully detect and fend off cyberattacks, finds new research from KPMG in Canada.

KPMG’s 2021 Cyber Security Poll recently surveyed business owners or decision makers at primarily medium-sized business and 1,000 Canadians ahead of Cyber security Awareness Month for their views on how well companies can defend themselves from the growing threat of cyberattacks and address consumer expectations.

The poll research revealed that few companies integrate cyber security into their governance and management processes and are adequately prepared to ward off a cyberattack. Only 38 per cent say cyber security is «deeply embedded» into all aspects of their business, and only 39 per cent are «very confident» in their ability to detect and respond to an attack.

«While many businesses have access to many of the cyber security tools they need, it is critical that they integrate them into their operations at every level, as an attack can come from anywhere,» says Hartaj Nijjar, Partner, Cyber security, KPMG in Canada. «If you don’t have the right security controls embedded by design, you’ll be more exposed.»

«With cybercrime intensifying, Canadian businesses need to make this a priority to protect not only their own data but that of their customers. Consumers are paying much closer attention to the risks and are holding companies to account for protecting their data. Our poll research shows that companies could be doing more to improve their cyber security culture.»

Key Survey Highlights:

  • 94 per cent of small- and medium-sized businesses say they monitor their environments for potential cyberattacks
  • Just 39 per cent say they are «very confident» in their ability to detect and respond to a cyberattack, and 59 per cent are «somewhat confident». The remaining two per cent are «not confident at all»
    • The «very confident» group falls to 35 per cent in B.C. and 33 per cent in both Alberta and Quebec, and jumps to 44 per cent in Ontario
  • 56 per cent have developed comprehensive playbooks and run through cyber simulations regularly, while 44 per cent have not or do not do this
  • Only two in five (38 per cent) say cyber security is «deeply embedded» into all aspects of their business. These companies integrate cyber security into all aspects of their governance and management processes, and they have a cyber security leader who plays a key role in their company
  • 56 per cent said cyber security is «somewhat embedded» into all aspects of their business, that is, it’s weaved into some of their governance and management processes but not all of them
  • Nearly half (48 per cent) plan to increase their cyber security budgets by up to 20 per cent in the next 12 months, while one third plan to increase cyber spending by less than five per cent over the coming year.

The poll also finds that while two-thirds of SMEs have IT staff partially or fully devoted to cyber prevention, slightly more than half (51 per cent) also partially outsource or co-source their cyber security functions. Nearly a quarter (23 per cent) fully outsource through qualified managed service providers.

Canadians Worry about Cyberattacks

Canadian consumers, meanwhile, remain highly concerned about cyberbreaches. Ninety-three per cent «are concerned or leery» about sharing their personal or financial information with any organization that’s had a cyberattack or data breach, up from 90 per cent last year. And nearly eight in 10 (78 per cent) worry about their personal data being stolen in a cyberattack on their financial institutions, retailers, wireless/internet providers and governments.

Other key consumer highlights

  • 89 per cent say they are extra careful when they shop online because they’re afraid of their information being hacked or stolen
  • Less than half (46 per cent) are concerned about their personal data being stolen in a cyberattack on their employer
  • 58 per cent say they no longer trust the government to keep their personal information safe
  • 52 per cent of Canadians support the use of digital authentication measures such as biometric scans (fingerprint, voice, iris scan) to access government or business services if it provides more security over their personal data

For more insights into how businesses can build a strong cyber security culture and cyber defense strategy, read Cyber security in a post-pandemic world, by Hartaj Nijjar, Partner, Cyber Security, KPMG in Canada and Guillaume Clément, Partner, Cyber Security, KPMG in Canada.

About the KPMG 2021 Cyber security Poll

KPMG used Methodify, Delvinia’s online research platform, to survey 1,001 Canadians and 253 small- and medium-sized businesses between September 1-13. Thirty-seven per cent of companies had revenues between $10 million and $49.9 million, 25 per cent had revenues between $50 million and $99.9 million and 38 per cent had revenues of $100 million or more.

About KPMG in Canada

KPMG LLP, a limited liability partnership, is a full-service Audit, Tax and Advisory firm owned and operated by Canadians. For over 150 years, our professionals have provided consulting, accounting, auditing, and tax services to Canadians, inspiring confidence, empowering change, and driving innovation. Guided by our core values of Integrity, Excellence, Courage, Together, For Better, KPMG employs nearly 8,000 people in over 40 locations across Canada, serving private- and public-sector clients. KPMG is consistently ranked one of Canada’s top employers and one of the best places to work in the country.

The firm is established under the laws of Ontario and is a member of KPMG’s global organization of independent member firms affiliated with KPMG International, a private English company limited by guarantee. Each KPMG firm is a legally distinct and separate entity and describes itself as such. For more information, see home.kpmg/ca

SOURCE KPMG LLP