Only 1/3 small, medium-sized Canadian businesses get mandatory cybersecurity training: survey

The Insurance Bureau of Canada has published a new "report card" that gave Canadian businesses a C-grade when it comes to cyber safety actions and knowledge

Russian hacker

A significant portion of Canadian businesses is seemingly not doing enough to help keep their data safe and secure.

According to the Insurance Bureau of Canada’s (IBC) inaugural Cyber Savvy Report Card, just 34 percent of small and medium-sized business (those with fewer than 500 people) employees said they get mandatory cybersecurity awareness training.

This was one of the key findings of the report, which surveyed 1,525 Canadians aged 18 and over in August 2022. The goal of the report was to analyze Canadian workers on their cybersecurity knowledge and practices, and ultimately, they got a “C” letter-grade.

Other factors that contributed to this grade include 50 percent of employees saying their organization hasn’t introduced multi-factor authentication for increased security and only 24 percent of respondents reporting that their employer conducts phishing email simulations to promote awareness. All the while, 42 percent of employees said they’ve seen an increase in cyber scam attempts over the past year.

As part of the report card, IBC identified various worker behaviours that could make data more susceptible to cyber criminals:

  • 27 percent of respondents use just one password to access multiple websites they use for work
  • 23 percent access public Wi-Fi from their work computer
  • 19 percent download software/apps on their work devices that weren’t provided by their employer
  • 7 percent allow friends and family to share their work computer
  • 5 percent share their work login credentials by email or text

Per the report, 72 percent of employees said they’re guilty of at least one of these behaviours.

There were also some general misunderstandings about common terms related to cybersecurity. For example, IBC notes that 56 percent of respondents incorrectly said “true” when asked if ransomware “refers to when a criminal steals your work computer and asks you to pay for it to be returned.”

To put all of this into context, IBC noted that the average total cost of a data breach to Canadian organizations was an estimated $7.3 million, per IBM’s Cost of a Data Breach Report 2022.

IBC has published these findings ahead of Cyber Security Awareness Month, which falls in October. It’s also launched a website to provide various resources and help businesses gauge their own levels of cybersecurity.

IBC’s full Cyber Savvy Report Card can be viewed here.

Image credit: Shutterstock