Only 34% of small and medium-sized business employees say they have received mandatory cybersecurity awareness training
New IBC Report Card Shows Room for Improvement in Cybersecurity Awareness
TORONTO, September 22, 2022 /CNW/ – New Insurance Office of Canada (IBC) found that Canadian small and medium-sized businesses have been slow to adapt to increasingly frequent and sophisticated cyberattacks. The results are presented in the first Cyber Savvy Scorecardwhich gave Canadians a “C” grade for cybersecurity actions and knowledge.
IBC’s report card is based on the results of a survey of 1,525 Canadians who work in small and medium-sized businesses (defined as businesses with less than 500 employees). The survey revealed a number of surprising findings:
- Two in five employees surveyed (42%) say they have seen an increase in cyber scam attempts over the past year.
- Only a third of employees surveyed (34%) say their company provides mandatory cybersecurity awareness training.
- Only half (50%) of employees surveyed say their organization has introduced multi-factor authentication, a critical cybersecurity defense mechanism that requires a user to provide two or more verification factors to gain access to a network or business app.
- Only a quarter of employees surveyed (24%) say their employer simulates phishing emails to help promote cyber vigilance.
“As cybercriminals become increasingly savvy, it is our collective responsibility to stay one step ahead,” said Celyeste Power, Executive Vice President, Strategic Initiatives and Advocacy, IBC. “That’s why IBC launched cybersavvycanada.ca, a new cyber education initiative to help small business owners and their employees better understand the threat of cyberattacks and what they can do to reduce their risk.
Employee actions increase their company’s cybersecurity risk
The BAC survey also found that 7 in 10 employees of small and medium-sized businesses (72%) reported at least one behavior that could allow a cybercriminal to gain access to their company’s computer systems. This reinforces the argument that more employers need to take action to reduce cyber threats. According to survey respondents:
- 27% use a single password to access multiple websites they use for work;
- 23% access public Wi-Fi while using their work computer;
- 19% download software/apps to their work devices that were not provided by their employer;
- 7% allow family members or friends to use their work computer; and
- 5% share their professional login or password by email or SMS.
Hybrid/remote employees are even more likely (77% of respondents) to take actions that could compromise their employer’s cybersecurity or data.
Attitudes towards cybersecurity raise concerns
Employees may also underestimate the role they play in their organization’s cyber defense, with 30% of respondents saying they don’t think cybercriminals would target them at work, and 28% of respondents saying their employer is alone responsible for protecting their workplace against cybercrime. threats.
The research also found that 21% of respondents think most cyber breaches are minor and easy to fix, when in fact they can have a devastating financial impact. In 2021, the average total cost of a data breach for Canadian organizations was approximately $7.3 million.1
“Everyone has a role to play in reducing cyber threats in the workplace. Although cyber insurance is an important safety net for businesses in the event of a cyber breach, it should be considered as part of a comprehensive cyber risk mitigation aimed at reducing an organization’s vulnerability to online threats,” Power added.
IBM, Cost of a Data Breach Report 2022
BAC’s new e-education initiative
IBC has launched a website, cybersavvycanada.ca, which provides resources and information on proactive steps businesses can take to help reduce their cyber risk.
During Cyber Security Awareness Month (October 1-31), IBC will encourage Canadians to test their knowledge by taking IBC’s Cyber Savvy Challenge at cybersavvycanada.ca.
The survey results are available at cybersavvycanada.ca.
The conclusions are drawn from a survey conducted by the BAC based on August 17 to 19, 2022, among 1,525 Canadians aged 18 and older who work primarily on a computer or other digital device in an organization with 2 to 499 employees. The sample was balanced by age, gender and region to match the profile of the Canadian labor force. All respondents are members of the Angus Reid Forum online. The interviews were conducted in English and French. For comparison purposes only, a sample of this size would yield a margin of error of +/- 2.5 percentage points 19 times out of 20.
About the Insurance Bureau of Canada
insurance office Canada (IBC) is the national industry association representing from Canada private home, auto and business insurers. Its member companies represent the vast majority of the P&C insurance market in Canada. For more than 50 years, IBC has worked with governments across the country to make affordable home, car and business insurance available to all Canadians. BAC supports the vision of consumers and governments that trust, value and support the private P&C insurance industry. He advocates for key issues and helps educate consumers on how best to protect their homes, cars, businesses and properties.
For press releases and more information on cyber insurance, visit IBC at www.ibc.ca. Follow us on twitter @InsuranceBureau or like us on Facebook. If you have a question about home, auto or business insurance, contact IBC’s Consumer Information Center at 1-844-2ask-IBC
SOURCE Insurance Bureau of Canada
For further information: Media contact: Brett Weltman, Manager, Media Relations, IBC, [email protected]