According to StatsCan, 21% of Canadian businesses reported they were impacted by a cyber incident in 2017. Aon named cyber-attacks and data breaches as the biggest risk to Canadian businesses in their 2019 Global Risk Management report. It’s a risk that can affect any business, regardless of its industry or size. It’s also a risk that can cause further harm, including damage to a company’s reputation and business interruption. We’ll review what cyberattacks and data breaches are and what the cyber risks for businesses in Canada are, as well as some tips on how to prevent, mitigate, and recover if your business becomes a victim.
What are cyber risks and data breaches?
A cyber risk or cyber-attack is defined as any anything done to destroy, damage, steal, change, restrict access, or gain unauthorized access to a computer network, system, software, device, or other digital technology or communication.
A data breach is when information is accessed or stolen or used by someone who is unauthorized. This can be done through a cyberattack or through physical means, such as stealing an unprotected laptop.
Cyber Risks for Businesses in Canada
There are countless ways that someone can carry out a cybercrime, including:
- Password hacking
- Overwhelming a network’s resources
- Phishing (usually through email)
- Attacking connections via servers or wifi networks
- Stealing laptops or smartphones
- Insecure websites with malicious scripts
- Downloadable apps designed to access your data or breach a network
The Netwrix blog does a fantastic job of going into detail about the most common types of cyberattacks.
These cyberattacks and data breaches can result in theft of intellectual property, data, personal information and finances, as well as disrupted business operations, destroyed networks, and a damaged reputation.
Why are Canadian businesses vulnerable to cyber risks?
Canadian businesses are vulnerable to cyberattacks and data breaches for many different reasons. This can include:
- Poor cybersecurity education
- Lack of cybersecurity in processes
- Cybersecurity processes are not enforced or properly implemented
- Employees are using their own devices for work (these devices are often less protected and dishonest employees can easily cause harm)
- Hackers and those with malicious intent are constantly evolving techniques
- Proper cybersecurity can be complicated, time-consuming and/or expensive
- Companies are not doing cyber risk audits
- Increasing prevalence of ransomware attacks meant to cause business disruption
Canadian Industries Most at Risk for Cyberattacks
Previously, financial institutions were considered to be the highest risk. According to Deloitte, however, the nature of cyberattacks has changed over the last few years, from financial theft and monetary threats to business disruption by ransomware. This also means that all Canadian businesses can be targetted.
However, certain industries are at a higher risk than others. Banking, government, healthcare, insurance, and technology organizations have the highest cyber risk according to Aon. Pharmacueticals, biotechnology, hotels, hospitality, and non-aviation transportation have also become targets more often.
What can Canadian businesses do to mitigate cyber risk?
Fortunately, Canadian businesses are not helpless when it comes to cyber risk. The first step is a cyber risk assessment. This is where you identify and evaluate your company’s cyber risks. You can do this yourself, although it would benefit most businesses to hire an external assessor.
Once your risks have been identified, it’s time to start mitigating them. This includes preventing them from happening, minimizing their impact, and how your company will recover if they happen. These should be added to your current business processes and documented. In general, this will likely include:
- Increased password use and strengthening passwords
- Improved network security
- Ensuring anti-virus and anti-malware software is installed and kept up-to-date
- Restricting employee device usage (or ensuring these devices are protected to the same standard as company-owned devices)
- Identity management and authentication
- Incident monitoring and response (in-house or outsourced)
- Training on cyber risks
- Back up data
- Continue cyber risk assessments annually
- Protect your business with cyber insurance
Cyber Insurance for Canadian Businesses
Cyber insurance (also known as cyber liability insurance or cybersecurity insurance) helps you recover if your business is a victim of a cyberattack or data breach. Coverage may include:
- Containment assessment and measures
- Reputation management
- Regulatory fines
- Legal expenses
Exactly what’s covered will depend on the policy and your coverage options, of course.
The cost of cyber liability insurance for Canadian businesses will depend on a few factors:
- Your industry and experience
- Insurance and claims history
- The size of your company
- Cybersecurity measures you employ
- Employee training on cybersecurity
- The type and amount of client data you store
We offer free, no-obligation cyber insurance quotes online – get yours today and see how easy it is to protect your business.