CIRA Canadian Cybersecurity Survey identifies disconnect between awareness and actions

As changes to Canada’s privacy regulations loom, nearly 40 percent are not familiar with PIPEDA

OTTAWA  – October 15, 2018 – Today the Canadian Internet Registration Authority (CIRA) released its 2018 CIRA Cybersecurity Security Survey which provides an overview of the Canadian cybersecurity landscape.

We surveyed 500 individuals with responsibility over IT security decisions at small and medium-sized businesses across Canada to learn more about how they are coping with the increase in cyber threats. The sample included both business owners and employees who manage information technology.

In partnership with CIRA’s technology partner, Akamai Technologies, the full report was released this morning to coincide with Small Business Week in Canada.

Key findings

  • 40 per cent of respondents experienced a cyberattack in the last 12 months. One in ten experienced 20 or more attacks.
  • Among larger businesses with 250-499 employees, the number who experienced an attack increases to 66 per cent
  • 67 per cent of respondents outsource at least part of the cybersecurity footprint to external vendors.
  • While 59 per cent of respondents said they stored personal information from customers, 38 per cent said they were unfamiliar with PIPEDA.
  • One-third of respondents indicated that the most significant impact of a cyberattack is the time and resources required to respond to the incident.
  • 88 per cent of respondents were concerned with the prospect of future cyberattacks, which resulted in 28 per cent suggesting they would add cybersecurity staff in the next year
  • Although 78 per cent were confident in their level of cyber threat preparedness, 37 per cent didn't have anti-malware protection installed and a shocking 71 per cent did not have a formal patching policy – exposing these organizations to massive security holes
  • Only 54 per cent of small businesses provide cybersecurity training for their employees even though the most common form of malware seen by our respondents, phishing attacks (42 per cent), directly exploit employees as a point of weakness

Read the full report: https://cira.ca/2018-cybersecurity-survey-report

Executive quotes

A key element of building a better online Canada is ensuring Canadians have safe, secure internet access. Through our experience in managing the .CA domain for Canadians, we hope to help lend our expertise in safeguarding Canada’s internet so that Canadian businesses can thrive online.”

Byron Holland, president & CEO, CIRA

Training and awareness are critical to ensuring your business is cyber-secure. No matter how great your IT team is, anyone with a network-connected device can be the weak point that brings your business down.

Jacques Latour, chief security officer, CIRA

Additional resources

About the Canadian Internet Registration Authority

The Canadian Internet Registration Authority (CIRA) manages the .CA top-level domain on behalf of all Canadians. CIRA also develops technologies and services—such as D-Zone DNS Firewall—that help support its goal of building a better online Canada. The CIRA team operates one of the fastest-growing country code top-level domains (ccTLD), a high-performance global DNS network, and one of the world’s most advanced back-end registry solutions.