According to the latest research conducted by NordLayer, a network security solution for businesses, it has been found that Canadian businesses are heavily investing in cybersecurity solutions/services/apps (55%) and cybersecurity training for employees (51%). It’s interesting to note that the majority of companies (68%) have in-house cybersecurity specialists to handle these matters, while 18% prefer to outsource such services.
IT and cybersecurity budgets are distinct areas of funding. IT encompasses technology investments such as hardware, software, personnel, and cybersecurity. Since cybersecurity is only a small part of the bigger picture, it clarifies why budgets may be limited or even absent, according to cybersecurity specialist Carlos Salas from NordLayer.
In addition, the research highlights that phishing attacks were the most prevalent form of cyber-attacks in Canada during the previous year, accounting for 42% of the reported incidents. Malware attacks followed closely behind at 33%, while data breaches constituted 27% of the cases. Consequently, the financial impact varied among Canadian companies, with 45% experiencing losses of up to 5,000 CAD, and 12% facing losses exceeding 10,000 CAD. It is worth mentioning that these figures could potentially be higher, as approximately 15% of the surveyed companies were unable to disclose the exact amount they lost due to cyber incidents.
What kinds of cybersecurity solutions are currently in use by Canadian companies?
Recent research indicates that Canadian companies implement various strategies to enhance security. The majority of businesses, around 72%, rely on antivirus software for protection. Additionally, cybersecurity solutions, secure passwords, and file encryption are key components in current security policies within organizations.
The use of business virtual private networks (VPNs) remains popular for securing organization network connections, with a significant 65% of companies utilizing them. Cyber insurance, a newer addition to business cybersecurity, is more focused on addressing the consequences of an incident rather than preventing it.
In 2023, around 25% of Canadian companies intend to allocate up to 24% of their budget towards IT needs
Cybersecurity spending will be a top priority in the 2023 budget, with a majority of Canadian companies planning to invest in cybersecurity solutions, services, and applications. While cybersecurity training for employees remains a high priority, there will be a slight decrease in budget allocation for hiring dedicated staff and external cybersecurity audits.
The research findings indicate that a significant portion of surveyed companies, precisely 39%, have set their sights on allocating up to 24% of their organizational budget to cater to their IT needs in the year 2023. Furthermore, an additional 37% of the respondents have expressed their intention to invest up to 49% of their budget for the same purpose. It is quite interesting to note that only 4% of the companies have stated their lack of plans to invest in cybersecurity in 2023, and it is worth mentioning that the majority of these companies fall under the small business category.
According to Salas, when it comes to business budgeting, cybersecurity investments and cybersecurity solutions tend to receive only a fraction of the allocated IT budget. To ensure worthwhile outcomes, it is essential to allocate cybersecurity funds wisely, prove the effectiveness of the chosen security strategy, and minimize any unnecessary resource consumption.
What kinds of cyberattacks do small, medium, and large companies typically deal with?
NordLayer conducted a survey among organizations of different sizes, uncovering both commonalities and disparities in cyberattacks based on company size. When it comes to similarities across all sizes, phishing (39%) emerges as the most prevalent threat, closely followed by malware (34%).
Small businesses face a higher risk of identity theft (12%) and data breaches (11%) compared to insider threats (2%) and social engineering attacks (5%). Interestingly, only 42% of small businesses reported experiencing cyberattacks.
Medium enterprises often encounter issues such as malware (43%), social engineering (30%), and insider threats (29%). Among the different categories, medium-sized businesses are particularly vulnerable to data breaches (34%) and DDos/DoS attacks (27%).
Large companies bear the brunt of cyberattacks, with as much as 92% of incidents targeting them. Among these organizations, malware attacks are slightly more frequent (43%) compared to phishing attacks (42%). Data breaches and identity theft attacks occur at the same rate (27%), while ransomware attacks are the least anticipated (19%).
Allocating a budget for cybersecurity is crucial for companies
The mantra “cybersecurity keeps evolving — so do cyber threats” continues to be relevant in today’s world, emphasizing the significance of fortifying our business protection measures. By choosing comprehensive cybersecurity tools and solutions, we can attain the necessary flexibility to adapt to the dynamic nature of technology and risks. It’s crucial to allocate a sufficient budget to ensure effective cybersecurity measures.
Salas also provides advice on protecting organizations: “No company is immune to cyberattacks, regardless of size. I suggest that organizations, regardless of size, establish a robust cybersecurity plan. This plan should emphasize that every employee plays a role in cybersecurity, not just the IT team. As part of this plan, companies should implement cyber mitigation and remediation tools, along with backup strategies for potential threats. Additionally, investing in employee training and hiring dedicated cybersecurity personnel is crucial.”
Approach: NordLayer recently conducted a survey involving 500 companies across the United States, the United Kingdom, and Canada. The surveys were carried out by the external agency SAGO from March 15 to 25, 2023. The respondents, who were decision-makers in non-governmental organizations within the services industry, were asked about cyber incident costs and budget allocation for IT and security between 2022-2023. The companies were categorized based on size into small (1-10 employees), medium (11-200 employees), and large (201+ employees).
