A recently released CIRA cybersecurity survey found that three in 10 (29 per cent) experienced a breach of customer and/or employee data last year, nearly doubling from 18 per cent in 2019 before the pandemic began.
In the annual survey, CIRA asked 500 IT security professionals for their perspectives on the cybersecurity landscape including the evolving nature of cyber threats and the increasing calls for more accountability on data privacy. As organizations continue to collect more and more sensitive information about employees, suppliers or vendors, only 44 per cent of those who experienced a breach say they informed those affected of the incident.
“The pandemic has raised the cybersecurity stakes for organizations across the country,” said Jon Ferguson, general manager, Cyber DNS, CIRA. “Threats are more common and more sophisticated, and customers are holding brands accountable for mishandling their data. It is our hope that this survey will provide some perspective on the issues and help raise awareness on the problem we are facing.”
From major airlines to rideshare apps and iconic Canadian food chains, protecting stakeholders’ data is an increasing challenge. In the past, these data breaches may have mostly affected large corporations, but now small and medium-sized businesses, school boards, municipalities and organizations of all industries and sizes are impacted according to CIRA’s survey findings.
“Given that 15 per cent of organizations reported a loss of customers following a data breach (also double the pre-pandemic level) protecting customer data is no longer just an IT issue, it is also a sales and brand issue,” suggests Delphine Avomo Evouna, communications specialist for CIRA.
- Three in 10 (29 per cent) organizations experienced a breach of customer and/or employee data. Before the pandemic, only 18 per cent said they experienced it—a difference of nearly double.
- Just over half (55 per cent) characterize their organization as more vulnerable to cyber threats because its employees work remotely.
- Most IT professionals (82 per cent) indicate that their organization has a cyber incident response plan while six-in-ten organizations have used their plan in the last 12 months.
- Survey data indicates that 15 per cent of organizations reported a loss of customers following an attack which is double the pre-pandemic level.
- Six in 10 (59 per cent) are concerned about the potential impact of Bill C-27 on their organization. The poll also shows that the private sector is less prepared to implement the new requirements.
- Most organizations (63 per cent) consider preventing data flows going through foreign countries (data sovereignty) as more important than price when selecting a cybersecurity service vendor.