Cyber security has become a major concern for Canadians and Canadian businesses. Attacks on businesses and services are becoming more frequent, and recent cyberattacks (such as the hack of Newfoundland and Labrador’s healthcare system or the ransomware attack at Toronto’s Hospital for Sick Children) have alerted citizens and governments to vulnerabilities that exist in the digital world, and the need to ensure information and systems are properly secured.
As per the Canadian Centre for Cyber Security’s National Cyber Threat Assessment 2023-2024, the Covid-19 pandemic expanded Canadians’ relationship with the Internet; more people are now working and meeting remotely, ordering goods online, using on-board navigation systems in their vehicles, and accessing medical care virtually. The Assessment states that while daily Internet use has increased since 2020, 64% of Canadians don’t plan to disconnect any time soon.
With more Canadians living online, there are more opportunities for cybercrime. Fraud and scams are the most common form of cybercrime, as cybercriminals attempt to steal personal and financial information via online transactions. Ransomware attacks (which can prevent access to essential services) have increased in frequency since 2020. And as the CCCS’s website notes, threats can come from any geographical location, with cyber threat actors using increasingly sophisticated methods to access vulnerable systems to achieve financial, geopolitical, or ideological goals.
The cost of cybercrime is formidable; according to the Canadian Anti-Fraud Centre, more than 90,000 fraud reports were filed in Canada in 2022, with more than $530 million stolen in that time. Canadian supermarket chain Empire Co. lost roughly $25 million due to a suspected ransomware attack it suffered in late 2022. (Cybercrime Magazine estimates that cybercrime will cost the world US $8 trillion in 2023.) And reputational costs are every bit as damaging as financial costs; digital identity company Imprivata cites a PricewaterhouseCoopers (PwC) survey that found 87% of consumers were willing to take their business elsewhere if (or when) a data breach occurs.
CCCS’s website states that while cyber threats succeed “because they exploit deeply rooted human behaviours and social patterns” (and not just technological vulnerabilities), they can be mitigated through the use of best practices in cybersecurity, and business continuity. (Particularly important, since cyber insurance is not easy to acquire.)
Businesses will want to conduct risk assessments to identify vulnerabilities and security priorities, and identify their security requirements (i.e., companies that store client data will have legal responsibilities as per the Personal Information Protection and Electronic Documents Act). Kobalt.io and Vanta recently hosted a webinar designed to help small- and medium-sized businesses navigate governance, risk, and compliance (GRC) regulations and plan their own strategies to protect their businesses from fraud and data breaches.
Companies offering goods and services that can securely manage client data – as well as identify and stave off cyberattacks – may find eager customers in the Canadian market. Events such as Security Canada’s International Security Conference & Exposition may offer an opportunity to network with participants in the Canadian cybersecurity market.