CALGARY, Oct. 24, 2023 – More than half (51 per cent) of small- and medium-sized businesses (SMBs) in Alberta say they were attacked by cybercriminals over the past year and 55 per cent paid a ransom to unlock their computers within the past three years, finds a survey conducted last month by KPMG in Canada.
Yet only 44 per cent say that cybersecurity is a “business priority.”
“Cyberattacks have become a hard reality all over the globe and even closer to home for Albertan companies, with over half falling prey to cybercriminals,” says Vidur Gupta, a Calgary-based cybersecurity partner for KPMG in Canada. “It’s a lot like being ‘stuck between a rock and a hard place’ because small- and medium-sized companies have many competing businesses priorities, limited capital, and stretched resources. But in today’s world, you can no longer ignore cybersecurity. It needs to be part of the overall business strategy.”
Almost two-thirds of SMBs in Alberta acknowledged their information-technology (IT) and/or operational-technology (OT) systems make them susceptible to cyberattacks, the KPMG Private Enterprise™ Business Survey finds. Nearly 60 per cent also say that they lack the skilled personnel to implement, monitor, and manage cybersecurity risks and only 29 per cent strongly agree that their employees are adequately trained to recognize a phishing or other attack.
Key survey findings:
- 51 per cent of 78 SMBs surveyed in Alberta say they were attacked by cybercriminals in the past year, compared to 63 per cent nationally
- 55 per cent paid a ransom within the past three years (vs. 60 per cent nationally)
- Only 44 per cent say that cybersecurity is a “business priority” (slightly higher than the 38 per cent national average)
- 65 per cent say that their legacy systems or infrastructure – that is, their information and/or operational technology – make their company vulnerable to cyberattacks (vs. 71 per cent nationally)
- 57 per cent say their company doesn’t have the skilled personnel to implement cybersecurity or monitor for attacks (vs. 66 per cent nationally)
- Just 28 per cent agreed strongly that their company is “well-prepared” to defend against a cyberattack and 54 per cent agreed somewhat (vs. 41 per cent agreed strongly and 47 per cent agreed somewhat, nationally)
- Only 29 per cent agreed strongly that their employees are adequately trained and equipped to identify and report on potential threats, and 47 per cent agree somewhat (vs. 31 per cent agreed strongly and 51 per cent agreed somewhat, nationally)
- 53 per cent don’t have a plan to address a potential ransomware attack (vs. 59 per cent nationally)
- 82 per cent believe a senior executive or someone on their board should be responsible for cybersecurity (vs. 81 per cent nationally).
“While our survey indicates similar findings across Alberta-based entities and nationally, fewer Alberta companies are prepared to defend cyberattacks,” says Mr. Gupta. “This is worrisome because a cyber breach can be costly, impair their operations, and also damage their reputation. This is why it’s so important to take proactive, preventative measures, such as training employees how to identify phishing attacks and deploying measures to restrict access to segments of network based on the defined role of the employee.”
“While many SMBs don’t think they can afford to add full-time cyber teams, they can’t leave their operations exposed to criminals. They need to regularly assess their vulnerabilities and take action to enhance their cyber resilience.”
Nearly thirty per cent (30 per cent) agreed strongly that they are considering using artificial intelligence (AI) to bolster cybersecurity and have “a good understanding” of the risks associated with it and how to manage them, while 47 per cent agreed somewhat. By comparison, nationally, 32 per cent agreed strongly and 48 per cent agreed somewhat.
But eight in 10 (78 per cent) also believe generative AI is a “double-edged sword” that may help detect cyberattacks but also provide new attack strategies for adversaries or bad actors. This compares to 81 per cent nationally.
“AI and machine learning can help detect abnormalities and potential vulnerabilities to warn users of potential threats,” says Mr. Gupta. “But while companies are just starting to harness AI for good, unfortunately bad actors are also already using AI to make their attacks more real. As we wrap up Cybersecurity Awareness Month, it’s important to acknowledge along with adoption of new technologies, the security and governance aspects also need to be addressed.”
Mr. Gupta is hosting a Cyber Challenge hackathon today for university students at Platform Calgary focused on operational technology exercises.
KPMG last month completed the acquisition of Calgary-based IMagosoft, solidifying the firm’s presence in identity and access management service space.
More insights from the KPMG survey are available here.
About the KPMG Private Enterprise™ Business Survey
KPMG in Canada surveyed business owners or executive level C-suite decision makers at 700 small-and-medium-sized Canadian companies between August 30 and Sept. 25, 2023, using Sago’s premier business research panel. A quarter of the companies surveyed have more than $500 million and less than $1 billion in annual revenue, a quarter have more than $300 million and less than $500 million in annual revenue, 23 per cent have between $100 million and $300 million in annual revenue, and 26 per cent have between $10 million and $50 million in annual revenue. No companies were surveyed under $10 million.
About KPMG in Canada
KPMG LLP, a limited liability partnership, is a full-service Audit, Tax and Advisory firm owned and operated by Canadians. For over 150 years, our professionals have provided consulting, accounting, auditing, and tax services to Canadians, inspiring confidence, empowering change, and driving innovation. Guided by our core values of Integrity, Excellence, Courage, Together, For Better, KPMG employs more than 10,000 people in over 40 locations across Canada, serving private- and public-sector clients. KPMG is consistently ranked one of Canada's top employers and one of the best places to work in the country.
The firm is established under the laws of Ontario and is a member of KPMG's global organization of independent member firms affiliated with KPMG International, a private English company limited by guarantee. Each KPMG firm is a legally distinct and separate entity and describes itself as such. For more information, see kpmg.com/ca.
For media inquiries:
Caroline Van Hasselt
National Communications and Media Relations
KPMG in Canada
(416) 777-3328
cvanhasselt@kpmg.ca
Roula Meditskos
National Communications and Media Relations
KPMG in Canada
(416) 416-549-7982
rmeditskos@kpmg.ca