MONTRÉAL, Oct. 24, 2023 – More than six in 10 small- and medium-sized businesses (SMBs) in Quebec were attacked by cybercriminals over the past year and nearly three-quarters of them say their legacy information and operational technology systems are making them vulnerable to attacks, finds a KPMG in Canada survey conducted last month.
Nearly three-quarters (74 per cent) say their information-technology (IT) and/or operational-technology (OT) systems make them vulnerable to cyberattacks, finds the KPMG Private Enterprise™ Business Survey. Almost two-thirds (65 per cent) say that they lack the skilled personnel to implement, monitor, and manage cybersecurity risks and just 38 per cent feel strongly that their employees are adequately trained to recognize a phishing or other attack.
“Small- and medium-sized companies have many competing business priorities and often limited capital and resources, which makes them a target,” says Guillaume Clément, Partner, Cyber Security Services and President, KPMG Egyde Conseils Inc. “A cyber breach can be costly, impair their operations and damage their reputation. While many SMBs don’t think they can afford to have full-time cyber teams, there are options available to them. They can’t afford to leave their operations exposed to criminals. They need to regularly assess their vulnerabilities and take action to safeguard their operations.
“Technology can help organizations to improve their cybersecurity when it’s deployed appropriately. Companies should also take proactive, preventative measures, such as training to teach employees how to identify phishing attacks, restricting access to essential parts of the network, and partitioning back-up files from the main network,” he adds.
Key survey findings:
- 63 per cent of 154 SMBs surveyed in Quebec were attacked by cybercriminals in the past year, in line with the national average
- 60 per cent paid a ransom within the past three years (same nationally)
- 60 per cent say that cybersecurity is not regarded as a “business priority” (vs. 62 per cent nationally)
- 74 per cent say that their legacy systems or infrastructure – their IT and/or OT systems – make their company vulnerable to cyberattacks, above the 71 per cent national average
- 65 per cent say their company doesn’t have the skilled personnel to implement cybersecurity or monitor for attacks (vs. 66 per cent nationally)
- 38 per cent (vs. 41 per cent nationally) agreed strongly that their company is “well-prepared” to defend against a cyberattack and 50 per cent (vs. 47 per cent, nationally) agreed somewhat
- 58 per cent don’t have a plan to address a potential ransomware attack (vs. 59 per cent nationally)
- Just 28 per cent agreed strongly that their employees are adequately trained and equipped to identify and report on potential threats, and 53 per cent agreed somewhat (vs. 31 per cent agreed strongly and 51 per cent agreed somewhat, nationally)
Twenty-nine per cent agreed strongly that they are considering using artificial intelligence (AI) to bolster cybersecurity and have “a good understanding” of the risks associated with it and how to manage them, while 44 per cent agreed somewhat. This is slightly below the national average of 32 per cent who agreed strongly and 48 per cent who agreed somewhat.
Over three-quarters (78 per cent) also believe generative AI is a “double-edged sword” that may help detect cyberattacks but also provide new attack strategies for adversaries or bad actors. This compares to 81 per cent nationally.
More insights from the KPMG survey are available here.
About the KPMG Private Enterprise™ Business Survey
KPMG in Canada surveyed business owners or executive level C-suite decision makers at 700 small-and-medium-sized Canadian companies between August 30 and Sept. 25, 2023, using Sago’s premier business research panel. A quarter of the companies surveyed have more than $500 million and less than $1 billion in annual revenue, a quarter have more than $300 million and less than $500 million in annual revenue, 23 per cent have between $100 million and $300 million in annual revenue, and 26 per cent have between $10 million and $50 million in annual revenue. No companies were surveyed under $10 million.
About KPMG in Canada
KPMG LLP, a limited liability partnership, is a full-service Audit, Tax and Advisory firm owned and operated by Canadians. For over 150 years, our professionals have provided consulting, accounting, auditing, and tax services to Canadians, inspiring confidence, empowering change, and driving innovation. Guided by our core values of Integrity, Excellence, Courage, Together, For Better, KPMG employs more than 10,000 people in over 40 locations across Canada, serving private- and public-sector clients. KPMG is consistently ranked one of Canada's top employers and one of the best places to work in the country.
The firm is established under the laws of Ontario and is a member of KPMG's global organization of independent member firms affiliated with KPMG International, a private English company limited by guarantee. Each KPMG firm is a legally distinct and separate entity and describes itself as such. For more information, see kpmg.com/ca.
For media inquiries:
Caroline Van Hasselt
National Communications and Media Relations
KPMG in Canada
(416) 777-3328
cvanhasselt@kpmg.ca
Roula Meditskos
National Communications and Media Relations
KPMG in Canada
(416) 416-549-7982
rmeditskos@kpmg.ca