'Data breaches can cost organizations millions, and that's not something companies can afford in an economic downturn'
While CEOs say cybersecurity is amongst their top concerns in the workplace, Canadian organizations say they're underprepared for a cyberattack, according to a new KPMG report.
One in five large Canadian companies are "underprepared" for a cyberattack, up from seven per cent last year. The number of CEOs who said their companies are "well prepared" or "very well prepared" for a cyberattack also went down to 56 per cent from last year's 73 per cent, finds KPMG's Global CEO Outlook Survey.
These findings come despite cybersecurity placing seventh as the most pressing workplace concern for CEOs, behind economic issues, regulatory concerns, and disruptive technology.
Hartaj Nijjar, partner and national cybersecurity industry leader at KPMG in Canada, urged large businesses to avoid overlooking cybersecurity, citing how much it could cost an organization in the long-term.
"While companies may be fixated right now on near-term risks like a recession, it's important not to take their eye off the ball when it comes to cybersecurity, because data breaches can cost organisations millions of dollars, and that's not something most companies can afford in an economic downturn. Keeping company data secure is an investment that will always pay future dividends.”
Read more: Just 4 in 10 workers given cybersecurity training
Meanwhile, small and medium-sized businesses are more likely to be prepared for a cyberattack, with 73 per cent saying they’re "well-prepared" for it and 68 per cent saying they have a plan to address a ransomware attack should they be hit by one.
Nijjar attributes this to the arrival of digital platforms for smaller businesses, adding that SMBs have gone from building one to keeping it protected.
"Last year, as they were building their platforms, they may not have prioritised cybersecurity to the extent they are today," he says. "Now they better understand the risks and are either investing or planning to invest in appropriate defences to protect their organizations."
Cybersecurity culture
As more sophisticated scams emerge in the digital age, experts have been advocating nurturing strong cybersecurity culture alongside technological controls in the workplace. However, the KPMG report found that the number of large businesses recognising the importance of a cybersecurity culture has decreased significantly.
In addition, 37 per cent don’t think prioritising and building a strong cyber culture in the workplace is as important as technological controls.
"A strong cybersecurity ecosystem can help boost the integrity of a company's product or service, its customer experience, regulatory compliance, brand reputation and even investor confidence," says Nijjar. "Most importantly, it builds trust. If stakeholders don't have trust in an organisation, they will look elsewhere for more trustworthy alternatives."
Read more: 5 tips for effective cybersecurity
One way to build a strong cybersecurity culture in the workplace is involving everyone and underscoring just how important their individual roles are in keeping the organization safe from cyberattacks.
Employers could organize training and workshops that would beef up awareness on cybersecurity for employees. GlobalSign previously suggested the following topics for training:
- Password management
- Encryption and digital signing
- Understanding phishing attacks
- Backing up work
- Sending personal and important information
- Account limits, access, and authentication
- Policies and best practices