Taking cybersecurity seriously: How data breaches are costing you and your customers

Cyber attacks are on the rise. Canadian companies need to do much more to protect their data.

Cybersecurity - Oct/Nov 2022

Cyber attacks are costing businesses — and their customers — big time. In a recently released study, IBM surveyed 550 companies and found that the average cost of a data breach is now $4.35-million (U.S.), an increase of 13 per cent since 2020.

The annual study, titled Cost of a Data Breach Report, includes nuggets of intel that should cause sleepless nights for any Canadian CEO who hasn’t taken cybersecurity seriously enough.

Canada ranks third in the world when it comes to the average cost of a data breach, which is estimated at $5.64-million (U.S.). And for the 12th year running, the health-care sector takes the top spot when it comes to the cost of data breaches, with finance and big pharma claiming second and third spots respectively. Of the companies surveyed, 83 per cent reported having more than 12 data breaches, with 60 per cent of breaches leading to consumer price increases. That’s the bad news. 

Now the good news. Those who deploy the latest data security tech and protocols can realize big cost savings while safeguarding customer and other sensitive data.

For example, companies with fully deployed security artificial intelligence (AI) and automation cut the cost of a data breach in half compared with those with no security AI in place.

Organizations with a dedicated incident response team saved $2.66-million per breach, while extended detection and response technologies helped chop 29 days from the average 277 days it takes to detect and contain a breach.

COVID-19 prompted many Canadian businesses to make quick pivots to online commerce. That’s why last year the National Chambers Insight Community (composed of the provincial and territorial chambers of commerce) and the Canadian Centre for Cyber Security collaborated on the “Cyber Security and Business Survey,” which also found many Canadian organizations woefully unprepared to combat cyber attacks.

Two-thirds of Canadian businesses surveyed have experienced a cybersecurity incident, with the top incidents being phishing and malware attacks. Yet 74 per cent of them didn’t bother to report these data breaches.

Even more surprising, fewer than half of the nearly 470 organizations surveyed have an employee responsible for managing day-to-day IT security. Furthermore, two-thirds of businesses are not aware of federal government resources and tools to help them combat cybersecurity threats.

“We are hopeful that the survey findings will result in new and innovative tools and resources to educate and prepare businesses for cyber threats so that they can operate confidently knowing that their people and assets are protected,” said Fiona Famulak, president and CEO of the BC Chamber of Commerce, in a press release after the report was released.

As these two reports clearly show, many Canadian organizations need to get their houses in order when it comes to cybersecurity. Cyber attacks are hitting the business bottom line and compromising customer and client data.

Tips for better cybersecurity

Identify Risks
Look at your business, your people and your processes and try to pinpoint risk areas. What’s most valuable — and potentially likely to be targeted — among your information and data?

Create Controls
Put in place measures and controls such as malware detection, security protocols and policies, training, data encryption, and asset and supply chain risk management.

Establish a Security Culture
Train staff to think in terms of cybersecurity and adopt safe practices. A strong security culture can go a long way toward keeping an organization safe.

Monitor and Improve
Install software or hire a service provider to monitor your network. They should watch for anomalies and potential cybersecurity incidents before they cause damage.

Create a Response Plan
If a cyber attack does occur, an incident response plan can lower your data breach costs. The plan should cover how you’ll investigate the attack, how you’ll communicate it to partners and customers and how you’ll notify third parties such as police, regulators or stakeholders.

Get Certified
Following a set of standards or getting a cybersecurity certification — such as ISO 27001 — will help ensure you have implemented the basics of cybersecurity. It will also signal to your customers and partners that you take security seriously and have invested in systems to protect customer data.

Source: Business Development Bank of Canada