According to a new study carried out by federal agency Statistics Canada, one in five Canadian companies was the victim of a cyberattack last year.
The study also found that Canadian businesses spent $14 billion on cybersecurity in 2017 as they struggle to manage increased risks in the digital world.
In a wide-ranging business survey, Statistics Canada found that the most common suspected motive for cyberattacks was an attempt to steal money or demand a ransom payment. Theft of personal or financial information accounted for less than one-quarter of the cyberattacks, though it was the most cited reason for investing in cybersecurity, according to Statistics Canada.
And, only 10% of businesses affected by a cyberattack last year reported it to law enforcement agencies, said Statistics Canada. That may change after November 1, when key provisions of the federal government’s "Digital Privacy Act" come into effect, requiring companies to tell Canadian consumers when their personal information is breached.
In 2017, Canadian businesses spent $8 billion on cybersecurity staff and contractors, $4 billion on related software and hardware, and $2 billion on other prevention and recovery measures, the survey found.
Large businesses — those with 250 or more employees — were more than twice as likely as small ones to be targets of cyberattacks, according to the report. It said the attacks resulted in an average of 23 hours of downtime per company.
Data for the Statistics Canada study, entitled "the Canadian Survey of Cyber Security and Cybercrime" was conducted on behalf of federal department Public Safety Canada, and collected information between January and April of this year (2018). The study had a sample size of 12,597 businesses and a response rate of 86%.
