The quarterly C-Suite Survey was conducted for Report on Business and Business News Network by Gandalf Group, and sponsored by KPMG. The survey interviewed 124 executives between Sept. 18 and Oct. 9, 2014. Want to know more about what Canada's business leaders think? Watch for coverage Monday on BNN and view the whole survey – as well as the C-Suite archives – online at tgam.ca/csuite
Canadian businesses are pumping more money and resources into the battle against cyberattacks, taking action to ensure the security of corporate data.
The latest C-Suite survey of business executives shows that security budgets are increasing and firewalls are being beefed up, as anxiety over possible attacks on computer systems ratchets higher.
Indeed, the recent breaches aimed at customers of Target Corp., Home Depot Inc. and Apple Inc. have raised the profile of the issue to the point where many executives say they must act.
Almost half of those surveyed said they are more concerned about cybersecurity in light of the recent breaches.
Sixty per cent have boosted computer-security budgets in the past two years, and 87 per cent say they are now prepared for threats – although only 23 per cent say they are "very well" prepared.
"I am thrilled to see it being more on the agenda, because it is something that corporations and society as a whole have not put adequate thought into," said Rupert Duchesne, chief executive officer of Montreal-based Aimia Inc., the company that runs the Aeroplan points system and other international loyalty programs.
"The perceived threat has been lower than the actual threat. We are now getting the actual and the perceived into balance, and so people are spending more time and focus and money on it, and that is exactly what should be happening."
The worries are substantially higher among companies in the service sector, where 72 per cent of executives say they are very or somewhat concerned about threats to their firm's networks or electronic data.
By contrast, 50 per cent of manufacturing executives show the same concern, and only 28 per cent of resource sector bosses.
But even in the resource sector, there is a recognition that risks exist.
Gestur Kristjansson, president of Winnipeg-based mining firm San Gold Corp., said recent high-profile security breaches made his company sit up and take notice, even though it has no retail customers.
Data security "is more on the radar than it has been, given the recent breaches," he said. The key concern for San Gold relates to personal communication devices such as mobile phones, which have been very valuable, but also present security issues, Mr. Kristjansson said. "On the one hand you want the efficiency of [employees] being able to access the network, but with that, comes a price. There is a trade-off between communication and security. We wrestle with that."
Mr. Kristjansson said he is very confident that San Gold's key mission-critical data are well protected, but he is more concerned with threats that might arrive through the communications system – especially since the company has already had a couple of "denial-of-service" attacks that have forced a temporary shutdown of the e-mail system.
Indeed, 28 per cent of the surveyed C-Suite executives said their businesses have already been the subject of some kind of cyberattack.
At International Road Dynamics Inc., a Winnipeg-based company that sells traffic management technology, CEO Terry Bergan said his firm has detected attempts to hack into its computer system.
While he thinks the perpetrators were more likely random hackers rather than someone bent on corporate espionage, the result is that data security "is of increasing concern to us [and] we have beefed up our budget and put different layers in," Mr. Bergan said. "I certainly didn't appreciate personally how serious it was until we did find that somebody tried to breach our security."
Where IRD's IT department once consisted of "a junior computer guy," it is now is a much larger team "and a couple of them are very senior," Mr. Bergan said.
"We have put in the resources and given them the authority and budget to be able to manage it."
Willy Kruh, global chair of consumer markets at KPMG, said the C-Suite results show that companies are getting more serious about this issue, but there is still not a full understanding among executives of the true risks of cyberattacks.
Anything in a company, from research data to intellectual property to accounting information can be at risk, he said, along with the firm's reputation. While there can never be absolute security, companies need to carefully assess where "holes" might be, and educate employees, suppliers and customers about the issue, he said.
Mr. Duchesne, of Aimia, agreed that almost every company, from a corner store that accepts credit cards, to a big corporation or government department, has sensitive information that needs to be protected. "It doesn't matter what kind of business you are in, you have to take this very, very seriously."
A great majority of executives polled in the C-Suite survey – more than 90 per cent – say the recent foreign investment agreement with China will be positive for Canada. Indeed, that market is crucial for Canada, the executives say – 65 per cent list China as the top priority for the country's trade efforts. The European Union comes second, followed by India, Korea and Brazil. But there are caution flags. Executives say they are held back from doing business in Asian markets because of regulations and bureaucracy, currency concerns, cultural barriers and an uncertain political landscape in some countries.