CIRA Survey Finds 71% Of Canadian Organisations Impacted By A Cyberattack In 2018

Canada’s ccTLD registry has published the results of their 2019 Cybersecurity Survey Report that found 71% of organisations reported experiencing at least one cyber-attack that impacted the organisation in some way, including time and resources, out of pocket expenses and paying a ransom.

“Now more than ever, Canadians need trust in the internet,” said Byron Holland, president and CEO, CIRA. “We believe that security is the foundation of that trust which is why we have leveraged our experience safeguarding the .CA domain to help Canadian organisations protect themselves and their users.”

The report provides an overview of the Canadian cybersecurity landscape and surveyed more than 500 individuals with responsibility over IT security decisions at both private and public sector institutions across Canada to learn more about how they are coping with the increase in cyber threats.

The full report, released as part of CIRA’s Cybersecurity Awareness Month activities, also found 96% of respondents said that cybersecurity awareness training was at least somewhat effective in reducing incidents while only 22% conducted the training monthly or better.

Other key findings were:

  • Only 41% of respondents have mandatory cybersecurity awareness training for all employees.
  • Among those businesses that were victimised by a cyber-attack, 13% indicated the attack damaged their reputation. This perception is a sharp contrast to the findings of CIRA’s recent report: Canadians deserve a better internet, which indicated that only 19% of Canadians would continue to do business with an organisation if their personal data were exposed in a cyber-attack.
  • 43% of respondents were unaware of the mandatory breach requirements of PIPEDA.
  • Of those businesses that were subject to a data breach, only 58% reported it to a regulatory body; 48% to their customers; 40% to their management and 21% to their board of directors.
  • 43% of respondents who said they didn’t employ dedicated cybersecurity resource cited lack of resources as the reason. This is up from 11% last year.

“While technical solutions are important, the best layer of security for any organisation are cyber-aware employees,” said Jacques Latour, chief security officer, CIRA. “We are happy to see more organisations embracing cybersecurity awareness training as a critical element of their defence. However, there is more work to be done to ensure the quality and rigor of the training offered keeps pace with the ever-changing world of cybersecurity.”

The full report is available to download from: