Headlines were made and CEO’s fired this year when Equifax had one of the worst breaches in history – but the problem puts all organizations at risk. Scalar’s data survey showed that the average cost of a breach is $175K and that 51% of organizations surveyed have suffered a data loss.
Business wants data, consumers don’t trust them and so governments are acting. Over 100 countries have laws to protect data and these laws have been getting more teeth. For example, after years of planning the updated General Data Protection Regulation (GDPR) in Europe goes into effect in 2018. It puts significant requirements on organizations to have full accountability over the data they collect. The good news is that the rules in Canada are already quite similar to those being put in place in Europe so our government has been ahead of the game. Canadian organizations need to know to whom data is shared and how it is used and have process that provide appropriate access to the specific and required data within departments and suppliers.
79% of companies collect data from individuals.
21% of users trust companies with their data
- BSI Group
There is more good news for Canada, according to the Ponemon Institute. Our sleepy little country ranked lowest on this list for the probability of a significant data breach based on historical data. Interestingly, this was juxtaposed by a report from Risk Based Security Inc. that determined that Canada had the third largest number of data breaches in the world with 59 instances after the USA (1,357) and the UK (104). It suggests that the scale of individual breaches in Canada have been lower than in other countries. We speculate that this is likely due to our relatively small number of global head offices.
Loss of key data is a factor in customer churn and has a real financial cost because, according to our research, 44% of Canadians are reluctant to do business with an organization after a data breach.
Small Business Impact
According to the the Canadian Chamber of Commerce’s Cyber Security in Canada paper, the Canadian economy is dominated by small business and that 71% of breaches happen to small business – who probably lack resources for adequate protection. In addition to breaches, a recent report from Malwarebytes shows 81% of the SMBs they surveyed had experienced a cyber attack of some kind and the cost of the attacks was less in direct ransomware-type payouts but measured in significant system downtime.
Lastly, the federal government is in the process of proposing its own improvement to the PIPEDA regulations. Corporations in Canada may be legally obliged to report data breaches to both the authorities and the individuals affected within a short time after the breach is discovered. This is expected to dramatically increase the number of headlines on this issue and help organizations to think a little more about their protection – especially, as the Equifax situation illustrates, senior management jobs are on the line.