Stats suggest ongoing growth opportunity in cyber insurance

One-third of Canadian businesses have unwittingly leaked sensitive information to cybercriminals, highlighting the opportunity for education from the property and casualty (P&C) insurance community.

According to the 2018 Canadian Internet Security Survey, released on March 22 by the Canadian Internet Registration Authority (CIRA), 32% of business respondents had “unwittingly divulged sensitive information due to phishing tactics.” A similar percentage (36%) of individual domain holders reported spending nothing on cybersecurity protection in 2017.

Nearly 2,000 responses from the Canadian business community helped provide insight into the threat landscape in Canada to determine where the challenges are, what gaps exist, and how businesses are coping. CIRA, which manages the “.ca” domain on behalf of all Canadians, reached out to registrants with at least one such domain who identified as either businesses or institutions (including non-profits and government) to ask them about their cybersecurity concerns, challenges and awareness.

Regarding the type of attack, 19% of those polled said that they were hit by ransomware. Twenty-two per cent of larger organizations were victimized by a DDoS attack in the past 12 months, an attack that sends multiple resources to a site in an attempt to bring it down; 10% of small business domains reported having their website brought down by an attack within the past 24 months.

Respondents expressed awareness but also concerns about cyberattacks: 77% of small business domain owners reported being concerned or very concerned about being the victim of an attack compared to 68% of personal domain owners.

“The cybersecurity threat landscape in Canada is complex and rapidly evolving,” said CIRA’s vice president of product development, Dave Chiswell, in a press release. “Our data shows that cybersecurity is no longer just a corporate IT problem, it impacts a wide spectrum of Canadian internet users.”