Cyber threats top concern for Canadian business leaders: survey

Cyber threats have once again topped the list of concerns for Canadian businesses, according to a survey.

Two-thirds (65 per cent) of business leaders are worried about cyber risks – a notable increase from 61 per cent last year – making it the leading concern for the second consecutive year, according to The Travelers Companies.

The survey – which gathered insights from 1,000 Canadian business decision-makers at small- and medium-sized Canadian businesses from Aug. 7 to 19, 2024 – paints a clear picture of the evolving risks organizations face as they navigate an increasingly digital landscape, says Michael Trendler, managing director of specialty insurance at Travelers Canada. 

“As technology continues to advance, cyber threats continue to grow. This year’s survey highlights the importance of preventive measures within organizations, including investing in the right cyber insurance coverage and educating employees on how best to protect information.”

Nearly all employers say that the threat of deepfakes has increased the risk of fraud at their companies, according to a previous KPMG report.

Other concerns for employers include:

• economic instability (62 per cent)
• the impact of the global economy on their companies (58 per cent)
• financial challenges (57 per cent)
• supply chain disruptions (56 per cent).

Why is cyber insurance less popular?

While concerns about cyber threats are rising, fewer companies are choosing to purchase cyber insurance. According to the survey, 66 per cent of respondents report having a cyber insurance policy in place, down from 72 per cent in 2023.

Among businesses that did not opt for cyber insurance, cost was the primary barrier, with 32 per cent citing the expense as a deterrent. Another 29 per cent believe their existing protections were sufficient.

This trend is significant given the frequency of cyber incidents reported, according to the report. And nearly 20 per cent of respondents admit their companies had experienced a cyber event but chose not to report it. Why? Fears of reputational damage or compromising intellectual property.

The most common type of cyber event was a security breach, with 36% of respondents indicating that unauthorized users had gained access to their company’s computer systems, according to the 2024 Travelers Canada Risk Index.

Cybercriminals upped their activity in the first half of 2023 compared to the previous year, according to a report from Trend Micro. The cybersecurity software company reported that it blocked more than 85.6 billion threats globally, consisting of email threats, malicious files and malicious URLs. That marked a 27 per cent year-over-year increase, according to the report.

How are data threats evolving?

The 2024 Travelers Canada survey also highlights a shift in the specific types of cyber threats that worry business leaders.

For the first time, unauthorized access to company banking accounts or financial systems has become the top concern, with 60 per cent of respondents listing it as a major risk – up from sixth place just a year ago.

Other significant cyber concerns include:

• the compromise or theft of customer or client records (59 per cent)
• unauthorized access to computer systems (59 per cent)
• system glitches or errors that could cause operational disruptions (58 per cent)

Nearly nine in 10 (84 per cent) of business leaders agree that having proper cyber controls in place is critical to the well-being of their companies. 

Personal information of employees at the Toronto Public Library dating back to 1998 was exposed when the library fell prey to a cyberattack late last year.

How can an organization protect itself against cyber threats?

Here are some ways employers can protect their organizations from cyber threats, according to the US’s Federal Communications Commission (FCC):

1. Train employees in security principles.
2. Protect information, computers, and networks from cyber attacks.
3. Provide firewall security for your Internet connection.
4. Create a mobile device action plan.
5. Make backup copies of important business data and information.
6. Control physical access to your computers and create user accounts for each employee.
7. Secure your Wi-Fi networks.
8. Employ best practices on payment cards.
9. Limit employee access to data and information, limit authority to install software.
10. Passwords and authentication.

“Broadband and information technology are powerful factors in small businesses reaching new markets and increasing productivity and efficiency,” says the FCC. “However, businesses need a cybersecurity strategy to protect their own business, their customers, and their data from growing cybersecurity threats.”

In 2023, the Health Employers Association of British Columbia (HEABC) fell victim to a cyberattack that hit the server that hosted websites and application forms for Health Match BC (HMBC), the BC Care Aide and Community Health Worker Registry and the Locums for Rural BC program.