Since its first edition in 2016, the NOVIPRO/Léger annual IT Portrait of medium- and large-sized Canadian businesses has become a reference for organizations. The 2021 Portrait shows that while these companies believe that the risk of cyberattacks occurring has increased, they have been putting off taking the appropriate action to counter that risk.
Due to the COVID-19 pandemic, companies have been forced to focus on maintaining their business and put increasing data security on the back burner. However, businesses surveyed in our annual study admitted that they fear cyberattacks more than ever. Our 2021 IT Portrait reveals that more than half (56%) of organizations targeted by malware have paid the amounts requested by cybercriminals. Of these, one in three companies (33%) retained the services of a negotiator, while 23% proceeded without the help of an intermediary.
As an entrepreneur, I am very concerned that so many organizations are paying a ransom. Companies need to be proactive in preventing cyberattacks; otherwise, the impact will be devastating to them and their customers.
Many respondents view remote work as a potential exposure to cyber threats. For example, almost half (43%) of respondents are concerned that implementing hybrid work will lead to a greater number of security breaches, and the majority (76%) of them have revised their security practices.
Regional differences were noted in the results regarding this issue. For instance, more companies in Ontario (56%) than in Quebec (32%) view remote work as a security risk for their computer systems.
However, these concerns do not seem to have prevented Canadian businesses from turning to remote work: nearly 9 out of 10 companies (88%) intend to authorize it. One sign that remote work is here to stay is the increasing adoption of cloud computing. A third of respondents (33%) cite remote work as one of the reasons IT professionals encourage or would encourage companies to opt for cloud computing.
According to the results of this Portrait, companies have been more cautious since the pandemic began; they have been forced to focus more on operational solutions, often to ensure the survival of their business. This explains the decline in the technology investments planned over the next two years (80% in 2021 vs. 88% in 2020). Advanced data analysis or artificial intelligence (AI) solutions were on the rise before 2020, but companies are now much less likely to consider AI a priority. For the second year in a row, investment plans in advanced data analytics and artificial intelligence are declining, falling to 18%, from 29% in 2020. While Quebec was among the leaders in this sector before the pandemic, it is now the Canadian province with the least focus on AI, while British Columbia (24%) is in first place for the first time in six years.
With the recent “Great Resignation” and the growing labour shortage, companies would benefit from an increased use of value-added solutions, such as advanced data analytics and automation, so that they can focus on strategic hiring.
The decline in investments reflects Canadian companies’ inaction in dealing with cyber threats. Although they were more aware of these dangers in 2021, they have been slow in implementing state-of-the-art infrastructure, training their employees and employing IT security experts.
The consequences of a cyberattack on businesses are well known: injury to reputation and business disruption, resulting in lost revenue in addition to the money spent on ransom payments.
Canadian companies must therefore be proactive in protecting themselves, which will also give them a strong competitive advantage. Otherwise, a series of cyber threats could have devastating effects on our economy.
The cost of IT security is not as high as one might think. For example, by investing only a fraction of the potential cost of a cyberattack, a company would protect its IT system against such an attack.
In any case, governments will sooner or later make it mandatory for companies to implement IT security measures. This has already begun in Quebec, where Bill 64 (An Act to modernize legislative provisions as regards the protection of personal information) was passed last year. Under this law, companies in the province must appoint a personal information agent by September 2022 and implement a confidentiality incident response plan. All companies, regardless of their size, must disclose any incident in order to mitigate its consequences. Now, more than ever, Canadian companies must take action immediately.