A survey conducted by Statistics Canada has revealed that the cost of cybercrime has significantly increased, placing a heavy financial burden on businesses. The survey, titled “The Changing Landscape of Cyber Security Following the COVID-19 Pandemic,” discovered that the average cost of dealing with a cybercrime rose to $19,000 in 2021, compared to $11,000 just two years earlier.
Large businesses with over 250 employees experienced even higher costs, with an average of $172,000 in 2021, a significant increase from $73,000 in 2019. Despite this increase in costs, the survey found that the frequency of cyber security incidents had slightly decreased, with 18 percent of businesses reporting such incidents in 2021, down from 21 percent in 2019.
The survey also highlighted the rise in cybercrimes against individuals, which continued to increase. The report suggested that this could be due to changes in the strategies of cybercriminals or the fact that businesses have better tools to identify and intercept malicious cyber activities compared to individuals.
While the survey revealed a decline in attacks such as hacking passwords and exploiting network vulnerabilities since 2019, it also found an increase in other types of money-making attacks, including fraud, scams, ransomware, and identity theft. Identity theft saw the largest increase, accounting for 20 percent of all reported cybercrimes, with a 6 percent jump compared to 2019.
The Canadian Centre for Cyber Security (CCCS) emphasized ransomware attacks as particularly detrimental to organizations. These attacks, defined as the use of malicious software to encrypt, steal, or delete data, followed by a demand for ransom payment, are considered the most disruptive form of cybercrime. The CCCS warned that cybercriminals deploying ransomware have become increasingly sophisticated and will continue to adapt to maximize their profits.
The survey attributed the evolving cybercrime landscape to the growing number of businesses conducting their operations online. With a third of businesses receiving orders or making sales over the internet in 2021, up from 25 percent in 2019, there has been an increase in opportunities for businesses but also a rise in vulnerabilities.
Prevention and detection expenditures have also risen by 46 percent, with an average cost of $52,000 per company. Large companies spent over $1 million on cybercrime prevention in 2021, compared to $667,000 in 2019. Even small companies with 10-49 employees doubled their spending on cybercrime prevention, reaching an average of $19,000 in 2021.
However, the survey found that approximately 40 percent of companies were not investing in cybercrime prevention measures. The report highlighted that consumer awareness of cyber threats played a role in motivating businesses to invest more in cyber defenses and policies. The 2020 Canadian Internet Use Survey showed that one-quarter of Canadian individuals were highly concerned about cyber security or privacy threats when using online shopping platforms.
This increasing awareness of cybercrime comes amid a surge in fraud and cybercrime incidents in Canada. The Canadian Anti-Fraud Centre, composed of the RCMP, Ontario Provincial Police, and the Competition Bureau Canada, reported a record-breaking year in 2022, with cybercrime reports totaling $530 million in victim losses, a rise of nearly 40 percent from 2021. Unfortunately, it is estimated that only 5 to 10 percent of people actually report fraud cases.
In summary, the survey by Statistics Canada demonstrates the rising costs and burdensome consequences of cybercrimes for businesses in Canada. While the frequency of attacks has slightly decreased, the types of attacks and the sophistication of cybercriminals continue to evolve. As businesses increasingly operate online, prevention and detection measures become crucial in mitigating cyber risks. However, a significant portion of companies still neglect to invest in protecting themselves. The growing awareness of cyber threats by consumers and the alarming increase in fraud and cybercrime incidents further highlight the urgent need for businesses to prioritize cyber security.