69 percent of business decision-makers believe that AI technologies have increased the threat level to organizations; 70 percent believe the federal government has a responsibility to do more to help businesses protect themselves against the latest threats.
TORONTO , ON–Palo Alto Networks, the global cybersecurity leader, revealed the results of the second edition of its Canadian Ransomware Barometer study conducted by the Angus Reid Group (Canada’s leading market research firm), which found that the average ransom paid by Canadian organizations has more than doubled since the first report: C$1.130 million in 2023 compared to C$458,247 in 2021 — an increase of almost 150 percent.
The survey of IT decision-makers at companies with 100 to 1,000 employees serves to highlight the state of cybersecurity in Canada and the impact of ransomware threats to Canadian businesses. The study found that of organizations that paid a ransom in 2023, the percentage of those that paid more than C$1 million jumped significantly from 8% in 2021 to 36% in 2023, with the average ransom demanded also increasing a significant 102% to C$906,115 in 2023 from an average of C$449,868 in 2021.
While the amount demanded and paid has increased dramatically, the percentage of Canadian organizations impacted by a ransomware attack has remained relatively unchanged — 35% in 2023 compared to 37% in 2021. However, more organizations are refusing to pay ransoms, with only 34% of organizations paying the demand, compared to 45% in 2021.
Businesses in the manufacturing sector appear to be targeted significantly more than other sectors, with 47% of respondents saying they have been hit with an attack, followed by the construction (38%) and healthcare and pharma (35%) sectors.
“The threat landscape in Canada has evolved since the first Ransomware Barometer study as more and more businesses recognize the need to be proactive and have the right security strategy in place to prevent attacks, and to lessen the impact of an attack,” said Daniel Roy, vice president and Canada country manager at Palo Alto Networks. “The study found that since 2021, companies are doing their share to improve their security posture by investing in cybersecurity as well as prioritizing employee training to better combat emerging threats.”
Emerging Threats
AI emerges as a potential threat: IT decision-makers are concerned with the potential threat artificial intelligence (AI) poses to their organizations. More than two-thirds of respondents (69%) believe the emergence of more AI technologies has increased the threat level to their organizations. The top three perceived threats that AI technologies pose to organizations’ cybersecurity include:
Automated phishing (21%).
Data privacy risks (21%).
Advanced cyberattacks (19%).
Breaches, phishing and ransomware remain as top threats: The survey found that company leadership was most concerned about potential data breaches (68%), phishing attacks (60%) and ransomware (53%). For the public sector, more than three-quarters of respondents (80%) believe data breaches to be their top threat type, while 78% of healthcare and pharma decision-makers considered phishing attacks the top threat to the sector.
Businesses are making the right investments
In a sign of positive progress, though, the survey found that organizations are taking a more proactive approach to improving their cybersecurity posture compared to two years ago. Over the past 12 months, 1 in 5 organizations (20%) have increased their spending on cybersecurity software significantly for better protection against cyberattacks, while a majority (51%) have increased spending somewhat. In parallel, organizations who think their employees have insufficient understanding of cybersecurity best practices recognize the importance of cybersecurity training, with almost half (49%) updating or implementing new cybersecurity training for its workforces to better protect against the latest cyberthreats, up from 38% in 2021.
“In the two years since the first study, Canadian organizations have largely taken a proactive approach to improving their security posture,” said Demetre Eliopoulos, senior vice president of Public Affairs at Angus Reid. “However, organizations are also paying a significantly higher cost than two years ago. As a result, Canadians IT decision makers are expecting the Federal Government to step up in helping organizations better protect themselves against emerging threats.”
Businesses call on the Government to do more
In addition to investing in cybersecurity solutions and training, more than two-thirds of IT decision-makers (70%) believe the federal government has a responsibility to do more to help businesses protect against the latest threats. Currently, only one-quarter (25%) believe the government is doing enough to help businesses protect themselves against cybersecurity threats.
Almost three-quarters (74%) believe cybersecurity compliance for organizations should be mandated by the federal government, while an overwhelming majority (92%) believe cybersecurity education programs should be part of the high school curriculum to prepare young Canadians.
Survey Methodology
In partnership with Palo Alto Networks, the Angus Reid Group conducted an online survey among a representative sample of 1,000 business and IT decision-makers in organizations with 100+ employees, in the week of November 6, 2023. The respondents are members of the Angus Reid Business Advisory Network. For comparison purposes only, a probability sample of this size would carry a margin of error of +/- 3.1 percentage points 19 times out of 20 for business leaders.
About The Angus Reid Group
The Angus Reid Group is Canada’s most well-known and respected name in opinion and market research data. Offering a variety of research solutions to organizations across North America, the Angus Reid team connects technologies and people to derive powerful insights that inform your decisions.
Related Posts
