Cyberattacks will grow in frequency and severity in Canadian businesses suggests study

Published: February 10, 2017

Updated: July 24, 2018

Author: Luke Jones



Cyberattacks are becoming more sophisticated and severe, while the frequency of attacks is on the rise, according to a new report. Scalar Decisions Inc. says Canadian companies are at an increased risk from such attacks, with the number of cyberattacks rising to 44 confirmed attacks per year.

The IT solutions provider, focused on security, infrastructure and cloud, published the findings in its 2017 Scalar Security Study. The study was conducted independently by Ponemon Institute after being commissioned by Scalar Decisions. In the survey, Ponemon included 650 Canadian IT and security workers.

Among the results of the study is a growing certainty that more cyberattacks will happen. Consequently, Canadian companies are becoming increasingly unconfident in their abilities to stop such events. The study shows a decline in the number of organizations that believe they are winning the war on cybercrime.

For the third year in a row, confidence decreased after the number of attacks increased. The 44 cyberattacks reported last year is a 30% increase compared to the first survey back in 2014. 82 percent of respondents says the severity of attacks has increased, while 72 percent claim the number of attacks has grown.

“IT leaders are under pressure right now, feeling like there is a deficit of properly trained personnel available in the workforce,” said Ryan Wilson, chief technology officer, security, with Scalar Decisions, in a press release. “This has led to a distinct lack of in-house expertise, which is critical to a strong cybersecurity posture for Canadian companies. The increase in incidents and decreasing confidence we are seeing coincides with the growing sophistication, severity and cost of attacks.”

Other findings of the study include:

  • 41% of respondents indicated their organization had systems in place to deal with advanced persistent threats (APT), up from 38% last year;
  • The most frequent compromise continue to be web-borne malware attacks (76%), followed by rootkits (67%);
  • Threats on the rise for 2017 including spear phishing, exploits of existing software vulnerability greater than three months old and botnet attacks;
  • Among some of the biggest threats, there have been slight decreases in web-borne malware attacks, APTs, clickjacking, exploits of existing software vulnerability less than three months old and zero day attacks since 2016;
  • Mobile devices (75%) and third party applications (70%) were identified as the greatest potential risks threatening their company’s IT environment;
  • Negligent third party risk has increased significantly since last year along with negligent insider risk;
  • Only 21% of respondents faced with ransomware report incidents to law enforcements, with the most common reaction currently being to “simply pay the ransom”; and
  • On average, organizations represented in this study spent approximately $7.2 million on the following to remediate cybersecurity compromises: clean up or remediation ($873,448), lost user productivity ($963,663), disruption to normal operations ($1.2 million), damage or theft of IT assets and infrastructure ($1.7 million) and damage to reputation and marketplace image ($2.5 million).

“The overall picture being painted by the study’s results is the need for enterprise-wide adoption of cybersecurity strategy, and the investment in both technologies and individuals with hands-on experience,” added Wilson. “Organizations need trained personnel who understand how to react when faced with threats such as ransomware, spear fishing, and increasing incidents of rootkits.”