As a potential recession becomes a more pressing issue to Canadian business leaders, a new KPMG survey suggests that businesses risk overlooking the importance of cybersecurity, even as cyberattacks continue to rise.
KPMG surveyed business owners or executives at 503 small- and medium-sized Canadian companies between Aug. 16 and Sept. 1, 2022, and released its Global CEO Outlook Survey of its findings on Thursday.
In a release, KPMG said the survey found that “the number of CEOs at large Canadian companies who said they were “well prepared” or “very well prepared” for a cyberattack fell 17 percentage points from last year and those who said they were “underprepared” jumped three-fold.”
The CEOs also “reported an even bigger drop – nearly five-fold — in their level of preparedness against a specific cyberattack like ransomware (malicious software that holds data hostage in exchange for a ransom).”
KPMG’s cybersecurity partner Alexander Rau said the findings shouldn’t be seen as cybersecurity being deprioritized by business leaders, but rather other topics, such as a potential recession and the conflicts in Eastern Europe, are what’s coming more top of mind to leaders.
“I do believe that our leaders over the last couple of years have really taken cybersecurity as sort of a top priority. But now other priorities with the changing global landscape are changing. But that doesn’t mean they’re losing sight of it,” said Rau in an interview with Global News.
The firm said that when CEOs were asked what keeps them up at night, they put “cybersecurity seventh behind a range of other pressing near-term risks such as the economy, a potential recession, regulatory issues, and disruptive technologies.”
In a separate KPMG report in Canada, the firm said small- and medium-sized businesses reported in comparison that they feel more prepared to handle a cyberattack — up to nine percentage points.
KPMG pointed out however that more than two-thirds of businesses in the survey admitted that their cyber defences can improve more and that includes making employees more aware of cyberattacks and how they work.
“They ranked cybersecurity as their second single-most-pressing concern today,” the firm added.
Rau said that small and medium organizations are in a tougher situation compared to larger organizations that have had the resources to invest in it over the years.
“You have organizations that have dedicated departments and partners that help them with defending their assets and information against hackers,” said Rau.
“But then you have smaller organizations, which is what the Canadian economy is built on and when it comes to those, having the resources available to them from a financial, human resources, and technology perspective is really difficult,” he added.
Rau said this put small- and medium-sized businesses at a larger risk for hacking and ransomware.
The report shows that 56 per cent of small and midsize businesses surveyed have been attacked by cybercriminals in the past year by malware, ransomware, or phishing.
“Half said they have had to deal with a ransomware attack in the past year,” the report stated.
Small and midsize businesses also said 68 per cent have a plan to address a ransomware attack if faced with one and 68 per cent said geopolitical uncertainty is raising concerns about possible cyberattacks in their organizations.
“Attackers are becoming more sophisticated and we see more and more attack groups because as we see with crime, there’s money to be made,” said Rau.
As the priorities of businesses change with the economy, Rau said businesses should not lose sight of cybersecurity and continue ensuring that company data and information is secure.
“Small and medium businesses need to understand that they don’t have to do that by themselves. They can reach out to third parties who specialize in cybersecurity,” said Rau.
“In times when people are thinking about spending money right, you get a better return on investment when you engage security experts to help you secure your assets in the organization,” he added.