Despite the increased threat of cyber attacks during the pandemic, almost half (47%) of Canadian small businesses surveyed say they do not allocate any portion of their annual operating budget to cyber security. This marks an increase of 14% from 2019, when one-third (33%) said they do not allocate any budget to cyber security, according to a new Leger survey, commissioned by Insurance Bureau of Canada (IBC).
In 2021, 41% of small businesses that ever suffered a cyber attack reported that it cost them at least $100,000, up from 37% in 2019. However, fewer than half of the businesses surveyed (46%) said they have implemented defences against possible cyber attacks, and only a quarter (24%) say they plan to purchase cyber insurance within the next year.
"The COVID-19 pandemic has forced many small businesses to adopt digital processes and move some of their traditional business online," said Jordan Brennan, Vice-President, Policy Development, IBC. "Unfortunately, this has created increased opportunities for cybercrime. While cyber attacks on larger businesses receive more media attention, small businesses are also a target for online criminals."
In the first half of 2021, insurers paid out over $106 million in cyber liability claims, according to the Office of the Superintendent of Financial Institutions. Incidents of cybercrime --- particularly ransomware attacks --- have increased drastically since 2020, as criminals began to prey on people working from home due to the pandemic. A report by law firm McCarthy Tétrault found that ransoms and the resulting lost productivity cost Canadian organizations an estimated $5.1 billion in 2020 alone.
"Cyber insurance can help victims pay for many expenses related to cyber attacks, such as civil fines, legal damages, forensic investigations, data restoration costs and other expenses to restore their business operations," explained Mr. Brennan. "Before looking for cyber insurance quotes, business owners should take preventive actions to demonstrate to their insurance representative that they are a lower risk."
Mr. Brennan recommends that business owners follow these steps to help secure their data:
- Enforce multi-factor authentication on login and network access;
- Focus on email security: enable attachment scanning, use external sender banners and train staff (or develop protocol) on spotting and containing malicious phishing attempts; and
- Run regular data backups and make sure the backups have unique credentials.
IBC conducted a similar survey in 2019 and has compared those results with the results of this most recent survey to look for trends in how small businesses (sole proprietors and those with up to 499 employees) are managing cyber security. The 2021 report has been published to coincide with Cyber Security Awareness and Small Business Month in October, and to help educate small business owners on the risk of cyber attacks and ways they can protect themselves.
About the Study
These are some of the findings of a recent Leger poll, conducted on behalf of Insurance Bureau of Canada (IBC). An online survey of 300 small businesses (sole proprietors and those with up to 499 employees) was completed between July 28 and August 5, 2021, using Leger's online panel. Results have been tracked against an online survey of 300 small businesses completed in 2019, also using Leger's online panel. No margin of error can be associated with a non-probability sample (i.e. a web panel in this case). For comparative purposes, though, a probability sample of 300 respondents would have a margin of error of ±5.7%, 19 times out of 20.