The most common cyber claims in Canada

Ransomware continues to be one of the top cyber threats to Canadian businesses, even though wire transfer fraud incidents are more expensive on average, according to a recent industry study. 

The average ransomware incident costs companies $596,000 USD, accounting for 40 of 177 claims from Canadian organizations, NetDiligence’s 2023 Cyber Claims Study found. These cyber losses were reported between 2018 and 2022.  

The second most common threat to Canadian businesses was business email compromise at 20 reported claims, costing an average $173,000 USD per incident. 

Other common causes of loss include:  

• Hacker: average incident cost of $117,000 (14 claims) 
• Staff mistake: average incident cost of $43,000 (8 claims) 
• Malware/virus: average incident cost of $52,000 (5 claims) 

Interestingly, wire transfer fraud claims cost companies an average of $615,000 USD — edging out both ransomware and business email compromise for the costliest loss. However, wire transfer fraud only accounted for 5 of 177 claims.  

“Ransomware continues to be one of top cyber threats to Canadian businesses, more so to the small and mid-size businesses,” Tushar Kapoor, director of security and privacy at RSM Canada told NetDiligence in the report. “We are also seeing a shift in the execution of this attack, as attackers are prioritizing stealing sensitive information and then following up with the ransomware attack.” 

Even though small and mid-sized businesses might be disproportionately affected by ransomware attacks, more than 60% of small businesses believe their business is too small to be targeted by cyber criminals. This number rises to 73% for sole proprietors, according to Insurance Bureau of Canada’s (IBC) 2023 Cyber Security Survey. 

When it comes to staff mistakes, 22% of employees said they’re concerned their actions could contribute to a cyberattack or data breach. Another 10% say they’ve shared confidential information with a publicly available chatbot or artificial intelligence platform. Still, the majority of business owners surveyed were not concerned about their staff posing a cyber risk. 

Global cyber landscape 

Ransomware remains the top cause of cyber loss globally, accounting for 33% of claims from small and mid-sized enterprises (SME).  

In 2022, the average ransomware incident cost companies $334,000 (per 2,556 claims).  

Business email compromise is the second top cause of loss globally, accounting for an average of $91,000 (1,441 claims).  

Rounding out the top five causes of loss globally are hackers ($76,000 per 930 claims), theft of money ($53,000 per 319 claims), and staff mistake ($11,000 per 216 claims).  

Overall, SMEs accounted for 98% of claims but only 46% of total incident cost. Large companies accounted for only 2% of claims but 54% of total incident cost. 

“These trends emphasize the urgency for organizations to establish robust incident response plans to mitigate cyber threats’ financial and operational impacts. It is clear that the time for SMEs to prepare for potential cyberattacks is now,” Mark Greisiger, NetDiligence president and CEO, said in the report.

Feature image by iStock.com/KanawatTH