10/22/2024
Cybersecurity breaches are becoming increasingly costly for businesses, and the latest data from Statistics Canada paints a concerning picture.
Canadian companies spent $1.2 billion on recovery from cyberattacks in 2023, double what they spent just two years earlier. While the percentage of businesses falling victim to attacks has slightly decreased, (one may argue there is less reporting) the financial consequences of breaches continue to escalate. With over 80% of cyberattacks beginning with business email compromise (BEC), highlighting that cybersecurity is not just an IT issue—it's every employee's responsibility and the solutions go beyond a bigger digital padlock.
Even though businesses are spending more than ever—$11 billion on prevention and detection in 2023, up from $9.7 billion in 2021—major organizations like Indigo, The Weather Network, Sun Life Financial, and the Calgary and Toronto public libraries being hit recently, this begs the question: Is the solution beyond IT alone?
With fewer companies paying ransoms (or admitting it)—this leads to rebuilding systems, losing critical time and data in the process. Meanwhile, bad actors sell the stolen data, compounding the damage and kicking the continuing financial can down the road for companies.
With such high stakes, it's clear that training employees, creating a culture of cybersecurity accountability, not just awareness, and understanding where your real risks are, is critical. Recognizing and understanding the cyber risks associated with employee decisions, their actions, organizational structure and governance are crucial. IT teams are not equiped to involve themselves in these aspects of cyber risk- the data proves it, so the responsibility lies across organizations. In a world where cyber threats continue to evolve, it’s time to think beyond IT and engage every part of the organization in the fight against these sophisticated attacks.
