A new Statistics Canada survey has revealed that not only were a good portion of Canadian companies targets of cyberattacks last year, but only a small percentage actually reported the attacks to authorities.
The survey, “Canadian Survey of Cyber Security and Cybercrime,” was conducted by StatCan on behalf of Public Safety Canada. Some 2,597 businesses participated in the survey, with a response rate of 86%.
StatCan found that more than one in five Canadian companies said they were hit by a cyberattack. And of those affected businesses, only 10% said that they reported the breaches to law enforcement agencies.
The survey also found that the most common suspected motive for the cyberattacks is an attempt to steal money or demand a ransom payment. The theft of personal and/or financial information made up less than a quarter of the cyberattacks reported by the respondents – however, it was the most cited reason for investing in cybersecurity.
“Canadian businesses continue to rapidly embrace the internet and digital technologies, which expose them to greater cybersecurity risks and threats,” StatCan said in a release.
“However, the impact of these risks and threats on the investment and day-to-day decisions of businesses are not easily understood as cybersecurity incidents often go unreported.”
According to StatCan, Canadian businesses paid out about $14 billion on cybersecurity in 2017 – $8 billion for cybersecurity staff and contractors, $4 billion on related software and hardware, and $2 billion on other prevention and recovery measures. The $14 billion represented less than 1% of their total revenues, the survey noted.
Large businesses (defined by the study as those companies with 250 or more employees) were more than twice as likely as small ones (those with 10-49 employees) to be targets for cyberattacks, StatCan added.