More than half of the small- and medium-sized businesses in the Metropolitan Vancouver Area and on Vancouver Island have been attacked by cybercriminals over the past year, according to a recent survey by the audit, tax and advisory firm KPMG LLP.
KPMG’s findings reveal that 55 per cent of these businesses have fallen victim to cyberattacks, with 54 per cent paying ransoms to regain control of their computer systems. However, despite the growing threats, 60 per cent of these businesses still do not consider cybersecurity a top priority.
The survey was conducted last month and involved 73 businesses. Of the participants, 55 per cent reported that they had been targeted by cybercriminals within the past year, while 54 per cent had paid a ransom within the last three years to regain access to their compromised computer systems.
“Cyberattacks have become a hard reality for companies, with over half in Vancouver and on the Island either trying to ward off attacks or falling prey to bad actors with malicious intent,” KPMG cyber security advisor Erik Berg said in a statement.
“Small- and medium-sized companies have many competing business priorities and often limited capital and resources. Yet, with organizations being constantly targeted by cybercriminals, cybersecurity can no longer be ignored.”
The KPMG Private Enterprise Business Survey also found that 60 per cent of the surveyed businesses believe their information technology and operational technology systems make them vulnerable to cyberattacks.
Around 54 per cent expressed a lack of confidence in having skilled personnel to implement, monitor, and manage cybersecurity risks, while only 32 per cent believed their employees were adequately trained to recognize phishing or other types of attacks.
Fifty three per cent of companies reported not having a plan to address a potential ransomware attack while 86 per cent believe a senior executive or someone on their board should be responsible for cybersecurity.
“A cyber breach can be costly, impair their operations and damage their reputation,” Berg said. “While many small to medium businesses don’t think they can afford to have full-time cyber teams, there are options available to them. They can’t afford to leave their operations exposed to criminals.”
Thirty percent strongly agreed to use AI for better cybersecurity and 49 percent somewhat agreed. These percentages are close to the national averages of 32 per cent strong agreement and 48 per cent partial agreement.
Seventy-six percent believed that generative AI has both benefits and risks for detecting cyberattacks, which is slightly lower than the national rate of 81 per cent.
Berg suggests that businesses understand what data and systems are most important to their business and then focus security investment, controls and monitoring on those key assets. He emphasized that customer and stakeholder expectations on how organizations secure their data are increasing.
“Regularly assessing their vulnerabilities and taking action to safeguard their operations and critical data are baseline expectations.”
Berg suggests that a broader range of technological solutions is accessible to enhance an organization’s cybersecurity, provided they are implemented effectively.
He recommends that companies implement proactive and preventive measures, including educating employees about identifying phishing attacks, controlling access to critical network components, ensuring the organization is prepared to address cyber incidents through the establishment of an Incident Response Plan, and isolating backup files from the primary network.