Canadian Underwriter

One-quarter of Canadian small and medium businesses with revenue over $10M victims of cyberattack: study

October 12, 2016   by Canadian Underwriter

Print this page Share

One in four Canadian small and medium-sized businesses (SMBs) with annual revenue over $10 million have been victims of a cyberattack compared to only one in 10 with annual revenue under $10 million, according to a new survey from Internet security provider ESET.

hacking computer system“Canadian small and medium business owners should take note that as their business grows, so does the risk of a cyberattack,” ESET said in a press release on Wednesday. “That risk grows exponentially after they reach the business milestone of $10 million in annual revenue.”

For this survey, a sample of 1,003 Canadian adults were interviewed online. The respondents were employed at small businesses (defined as companies with five to 99 employees) and medium businesses (defined as companies with 100 to less than 500 employees), and work in IT, senior management or have a broad knowledge of their company’s IT policies and procedures. The poll is accurate to within +/ – 3.5 percentage points, 19 times out of 20.

The research from ESET and market research group Ipsos showed that one in five Canadian SMBs who have been a victim of a cyberattack have suffered a significant loss to their business because of their inability to service customers. Sixty-five per cent of Canadian SMBs said they can only function for “a few hours or days” without access to their data, and a full 15% of Canadian SMBs would have to cease functioning immediately.

The survey also found that while seven in 10 Canadians employed at SMBs feel their company is devoting enough resources to cybersecurity, only 33% of them feel “very confident” that their company is safe from attack. In addition, less than one-third of Canadian SMBs are “very familiar” with the concepts of ransomware, social engineering and two-factor authentication, bringing into question their ability to judge their company’s cybersecurity readiness.

“These SMBs with revenue over $10 million are exceptionally vulnerable to cybercriminal activity,” said Iva Peric-Lightfoot, country manager, ESET Canada, in the release. “Businesses of this size have the same attractive assets as enterprise-level organizations, but tend to have a lower level of protection and less sophisticated security solutions in place.”

Added Peric-Lightfoot: “This is not to say that businesses with under $10 million in revenue should not be concerned. In fact, these are the companies that often have a harder time recovering should a breach or attack happen. They may not be targeted as often, but they also probably don’t have the in-office expertise to react quickly. They need to depend on trusted advisors, like value-added resellers and strong security software.”