Canadian SMBs, employees criticized for poor cybersecurity practices

Share post:

Employees at small and medium-sized Canadian organizations have been given a “C” rating for their knowledge of cyber safety and awareness.

The rating comes from the Insurance Bureau of Canada, which, after surveying 1,525 workers at companies with fewer than 500 employees, concluded firms have been slow to adapt to increasingly frequent and sophisticated cyber attacks.

Among what the bureau called “startling” findings:

  • only a third of respondents (34 per cent) said their company provides mandatory cyber security awareness training;
  • only half of respondents said their organization has introduced multi-factor authentication;
  • only a quarter of respondents (24 per cent) said their employer conducts phishing email simulations to help promote cyber vigilance.

Just under three-quarters of respondents (72 per cent) said they have done something that could allow a cybercriminal to gain access to their company’s computer systems. For example:

  • 27 per cent said they use one password to access multiple websites they use for work;
  • 23 per cent access public Wi-Fi while using their work computer;
  • 19 per cent said they download software/apps on their work devices that were not provided by their employer;
  • 7 per cent allow family members or friends to use their work computer; and
  • 5 per cent share their work login or password by email or text.

The survey results, called a Cyber Savvy Report Card, were released in advance of October’s cybersecurity awareness month.

To help raise awareness, the bureau launched, to help small business owners and their employees better understand the threat of cyber attacks and what they can do to reduce their risk.

“Everyone has a role to play in reducing cyber threats in the workplace,” said Celyeste Power, the insurance bureau’s executive vice-president for strategic initiatives and advocacy. “While cyber insurance is an important backstop for businesses in the event of a cyber breach, it should be thought of as one component within a complete cyber risk mitigation strategy aimed at reducing an organization’s vulnerability to online threats.”

Employees may also underestimate the role they play in their organization’s cyber defences, the bureau said. It notes that 30 per cent of respondents said they don’t believe cybercriminals would target them at work, while 28 per cent of respondents said their employer is solely responsible for protecting their workplace from cyber threats.

Twenty-one per cent of respondents believe that most cyber breaches are minor and easy to resolve. “The reality,” the bureau said in a news release accompanying the results, “is that they can have a devastating financial impact.” Citing IBM’s latest annual cost of a data breach report, the bureau notes that in 2021, the average total cost of a data breach to Canadian organizations was an estimated $7.3 million.

The insurance bureau has a stake in the cybersecurity of customers with cyber insurance. As a result of rising claims and payouts, insurers have been raising premiums, restricting coverage, and demanding customers toughen their cyber defences, according to a global survey released last month.

The post Canadian SMBs, employees criticized for poor cybersecurity practices first appeared on IT World Canada.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Controversial expansion of US surveillance powers nears Senate vote

The US Senate is poised to vote on a significant expansion of Section 702 of the Foreign Intelligence...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways