Canadian organizations 'underprepared' for cyberattacks

In the technological age, how can employers beef up their firm's cybersecurity?

Canadian organizations 'underprepared' for cyberattacks

Canadian organizations have admitted they're underprepared for a cyberattack, according to a new KPMG report, despite CEOs citing cybersecurity amongst their top concerns in the workplace. KPMG's Global CEO Outlook Survey found 20% of large Canadian companies are "underprepared" for a cyberattack, up from seven percent last year. The number of CEOs who said their companies are "well prepared" or "very well prepared" for a cyberattack also went down to 56% from last year's 73%.

These findings come despite cybersecurity placing seventh as the most pressing workplace concern for CEOs, behind economic issues, regulatory concerns, and disruptive technology.

Read more: How can HR mitigate ransomware attacks?

Hartaj Nijjar, partner and national cybersecurity industry leader at KPMG in Canada, urged large businesses to avoid overlooking cybersecurity, citing how much it could cost an organization in the long-term.

"While companies may be fixated right now on near-term risks like a recession, it's important not to take their eye off the ball when it comes to cybersecurity, because data breaches can cost organisations millions of dollars, and that's not something most companies can afford in an economic downturn. Keeping company data secure is an investment that will always pay future dividends," said Nijjar.

Meanwhile, small and medium-sized businesses are more likely to be prepared for a cyberattack, with 73% saying they’re "well-prepared" for it and 68% saying they have a plan to address a ransomware attack should they be hit by one.

Read more: HR vs cybersecurity: Why you need to be more involved

Nijjar attributed this to the arrival of digital platforms for smaller businesses, adding that SMBs have gone from building one to keeping it protected.

"Last year, as they were building their platforms, they may not have prioritised cybersecurity to the extent they are today," said Nijjar. "Now they better understand the risks and are either investing or planning to invest in appropriate defences to protect their organizations."

Cybersecurity culture

As more sophisticated scams emerge in the digital age, experts have been advocating nurturing strong cybersecurity culture alongside technological controls in the workplace. However, the KPMG report found that the number of large businesses recognising the importance of a cybersecurity culture has decreased significantly. In addition, 37% don’t think prioritising and building a strong cyber culture in the workplace is as important as technological controls.

Read more: The most dangerous cyber security mistakes

"A strong cybersecurity ecosystem can help boost the integrity of a company's product or service, its customer experience, regulatory compliance, brand reputation and even investor confidence," reminded Nijjar. "Most importantly, it builds trust. If stakeholders don't have trust in an organisation, they will look elsewhere for more trustworthy alternatives."

One way to build a strong cybersecurity culture in the workplace is involving everyone and underscoring just how important their individual roles are in keeping the organization safe from cyberattacks. Employers could organize training and workshops that would beef up awareness on cybersecurity for employees. GlobalSign previously suggested the following topics for training:

  • Password management
  • Encryption and digital signing
  • Understanding phishing attacks
  • Backing up work
  • Sending personal and important information
  • Account limits, access, and authentication
  • Policies and best practices