Skip to main content

Technology ‘Alarming’ number of businesses hit by hackers in past year: poll

Just over half of entrepreneurs and C-suite executives use cybersecurity measures such as firewalls, tax and business consulting firm MNP says.

PAWEL KOPCZYNSKI/Reuters

Half of Canadian C-suite executives and nearly a quarter of entrepreneurs say their businesses' cybersecurity was breached in the past year, according to a new study from accounting, tax and business consulting firm MNP LLP.

Conducted by Ipsos in January and released Monday, the survey of 100 Canadian executives of medium- and large-sized businesses also polled 1,000 small-business owners. While 93 per cent of the combined groups said they felt their companies effectively protected customer data, nearly three in five of those polled "either suspect or know for certain" they were victims of hacking attempts.

The results follow a rough February for Canadian corporate cybersecurity. Reports of data breaches at Loblaw Cos. Ltd., Canadian Tire Corp. and Quebec's SAQ liquor-store chain prompted Cineplex last Friday to "proactively" ask users to reset their passwords to protect their information. The survey results further hammer down the prevalence of such data breaches – and emphasize the need for strategies and precautions beyond just password resets.

Story continues below advertisement

Read more: Cineplex 'proactively' asks users to change passwords

Calling the results "alarming," Greg Draper, MNP's vice-president of valuations, forensics and litigation support, said in an interview that Canadian businesses need to ramp up protections from a "growth industry" of nefarious hackers around the world.

"The big thing to note is the gap between the level of confidence businesses have in thinking they can prevent cyberattacks and their experience is quite different," he said. "The level of overconfidence is quite striking."

Proactively mitigating risks can reduce the likelihood of fraud and legal action while retaining consumer confidence.

Just over half of entrepreneurs and C-suite executives use cybersecurity measures such as firewalls, MNP found. Mr. Draper said this might lead to corporate confidence, but that basic software doesn't represent "an understanding of the fulsome responses needed to address risk these days."

The forensic accountant and former RCMP investigator said that businesses need to consider preventive cybersecurity measures as a necessity, rather than discretionary. "Fraud, at its base, is about telling lies for money," Mr. Draper said. "Changes in technology changed the types of lies people are telling, and the type and number of people who can tell lies to Canadian businesses."

Shifts in Canadian privacy law and expected forthcoming changes will make it difficult to hold back news of such attacks, he continued, suggesting that preventive measures will likely ramp up in the coming months.

Story continues below advertisement

Last week, website service Cloudflare announced a large global data breach, though none of the Canadian companies who confirmed cybersecurity problems in February has said it was the direct cause of their problems.

A spokesperson at Quebec's SAQ liquor-store chain said Friday that it had been investigating about 80 cases of data theft from its loyalty program, but that the problems seemed to stem from fraudulent and deceptive e-mails. The provincial Crown corporation is still investigating, including whether the problems are connected with those at other Canadian businesses.

A slight majority of the MNP survey participants said they could be more confident in their overall data protection initiatives. The findings built upon broader fraud data released by MNP last week, which similarly found that respondents were twice as likely to see fraud as an industry problem than a threat to their own company.

Internal fraud protection was also a concern among those polled: Only 42 per cent said they were confident they could prevent fraud from their own employees. Just under half of businesses said their internal prevention tools included pre-employment screening, awareness policies, codes of conduct, regular management oversight or internal audits.

"It starts with awareness, from the boardroom to the warehouse floor, of the risks of cyberfraud and simple steps that can be taken internally to prevent them," Mr. Draper said.

Report an error Editorial code of conduct
Tickers mentioned in this story
Unchecking box will stop auto data updates
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

Cannabis pro newsletter