87% of Canadian businesses have experienced at least one hacking incident: study

Nearly nine in 10 (87% of) Canadian businesses have experienced at least one hacking incident in the last year – compared to 69% of businesses in the United States – according to a study of business risk managers released on Wednesday by The Boiler Inspection and Insurance Company of Canada (HSB BI&I), a member of the HSB Group and part of Munich Re.

More than half (60%) believe their companies are dedicating enough money or trained and experienced personnel to combat the evolution of hacking techniques, yet 42% do not have cyber insurance coverage, HSB BI&I said in a press release. [click image below to enlarge]

The 2015 Cyber Poll was conducted onsite at the Risk and Insurance Management Society Conference Canada (RIMS Canada) in Quebec City on Sept. 28. It is intended to represent the sentiments of 102 risk manager attendees who participated through in-person interviews, and represented small (1-99 employees), mid- (100-999 employees) and large-sized (1,000+ employees) businesses in the following industries: utilities & energy, mining, aerospace, defence & security, manufacturing, public sector, technology, financial services, medical/healthcare and retail.

Of the risk managers studied, 66% represented large enterprises, followed by 28% at mid-sized organizations and 6% at small-businesses.

“With the prevalence of cyberattacks in Canada, there is a clear discrepancy among risk managers’ perceptions and the level of exposure their companies face from hacking activity,” said Derrick Hughes, vice president for HSB BI&I, in the press release. “Hackers have evolved and so have the risks. Businesses must do more to protect their sensitive information and manage any data breaches.” [click image below to enlarge]

The survey revealed a notable uptick in awareness and concern about cyber risk following the recent passage of the Digital Privacy Act (Bill S-4). Nearly 70% of risks managers said they would be more inclined to purchase cyber insurance coverage for their company due to the new data breach notification requirements. Concerns about the type of information being breached ranged from sensitive corporate information (50%) to personally identifiable information (42%) to financial information (8%).

When asked about the type of risk management services they would be most interested in deploying to combat cyber risk, risk managers point to intrusion detection and penetration testing (40%), encryption (24%) and employee education programs (19%).