For this blog post, Get Cyber Safe has partnered with the Canadian Internet Registration Authority (CIRA), who, like us, understands how important cyber security is to businesses as well as individuals. This blog presents their perspective, and we thank them for being a dedicated partner in the cyber security of Canadians.
Every week, Canadians are faced with headlines of yet another cyber incident affecting the organizations they rely on—from hospitals to infrastructure operators to the brands we know and love.
According to new survey data from the Canadian Internet Registration Authority (CIRA), 43% of cyber security decision-makers surveyed reported they have made changes to their organization’s cyber security approach in response to news about major cyber attacks in the past year.
The 2024 CIRA Cybersecurity Survey asked 500 IT and cyber security professionals across the private, public and MUSH (municipalities, universities, schools and hospitals) sectors about their organization’s cyber security awareness, preparedness and experiences. The results show that Canadian organizations understand the importance of cyber security preparedness and are stepping up to the plate.
What keeps cyber security professionals up at night?
In 2024, cyber attacks aren’t a matter of if, but when. Forty-four per cent of respondents reported that their organization experienced a cyber attack (attempted or successful) in the past year. Even though public sector (58%) and MUSH sector (55%) organizations reported more attacks than their private sector (41%) counterparts, risk is top of mind for organizations across all sectors.
The top three risks identified by cyber security professionals are malicious software (or malware) (50%), scams and fraud (45%) and manipulation or theft of data (43%). Respondents believe the biggest potential threats are profit-motivated cyber criminals (60%), followed by cyber criminals motivated by nationalist beliefs (33%) and foreign state actors (32%).
Ransomware and recovery
Ransomware continues to be one of the most widespread and disruptive cyber threats facing Canadian organizations. Twenty-eight per cent of respondents say their organization was the victim of a successful ransomware attack in the last 12 months—an 11% increase from 2021. Among those that experienced a ransomware attack, an overwhelming majority (73%) say their data was wiped and a similar number (79%) opted to pay the ransom—with price tags that frequently exceeded $25,000. Paying the ransom is not usually advised, due to several risks. Learn why from the Canadian Centre for Cyber Security (the Cyber Centre).
Recovering from a cyber attack can be difficult and time consuming. Among those who experienced an attack, almost three quarters (72%) say it took just under a month to recover their IT systems to pre-incident capacity. The effects of a ransomware attack don’t just affect operations, they can also affect business reputation. Twenty-eight per cent said their reputation suffered as an impact of a successful cyber attack—a significant rise from only 6% in 2018.
Canadian organizations are stepping up in a complex threat environment
Organizations are increasing their human, technological, financial and legal resources dedicated to cyber security preparedness. In the past year, many Canadian organizations (76%) have increased the human resources dedicated to IT systems management and cyber security. However, 20% of organizations have not because many (33%) don’t have the financial resources to do so.
Almost three quarters of those surveyed say that the financial resources they devote to IT systems management and cyber security have increased in the past 12 months.
Just over four in ten organizations (43%) allocate between 5 and 15% of their IT budget to cyber security. A growing number of Canadian organizations (82%) also report having cyber security insurance coverage, which represents a significant increase from just 59% in 2021.
Conclusion: Cyber security is a team sport
The scope of the cyber security problem is too big to go it alone. Partnering with trusted organizations to share best practices and resources can help boost our collective cyber security preparedness. After all, in Canada, we know that no matter what we do, we’re stronger together. To learn more about how your organization can stay cyber safe, be sure to visit the Get Cyber Safe campaign.
About CIRA
CIRA is the national not-for-profit best known for managing the .CA domain on behalf of all Canadians. As a leader in Canada’s internet ecosystem, CIRA offers a wide range of products, programs and services designed to make the internet a secure and accessible space for all. CIRA represents Canada on both national and international stages to support its goal of building a trusted internet for Canadians by helping shape the future of the internet.