KPMG: Canadian Firms Have Strong Cybersecurity Protocols

According to a new survey conducted amid growing public concern about cyberattacks, only half of firms feel extremely confident in their ability to detect and prevent a significant cyber compromise.

KPMG: Canadian Firms Have Strong Cybersecurity Protocols
KPMG: Canadian Firms Have Strong Cybersecurity Protocols | Image credits: Expleo

Only half of small and medium-sized Canadian businesses (56%) really evaluate the effectiveness of their cyber-defenses, and less than two-fifths believe they can fully detect and fend off cyber-attacks, according to new Canadian research from KPMG.

Small and medium-sized Canadian businesses (94%) claim they monitor for potential cyberattacks, according to Yahoo! Finance. The KPMG 2021 Cyber Security Poll recently polled 1,000 Canadians and 1,000 business owners or decision makers about how well companies can defend themselves against the growing threat of cyberattacks and meet customer expectations.

When it comes to preventing cyberattacks, just a small percentage of firms have integrated cyber security into their governance and management procedures. One third of companies think cyber security is "deeply embedded," and another third are "very confident" that they can detect an cyberattack and respond appropriately.

Hartaj Nijjar, Partner, Cyber security, KPMG in Canada stated, "While many businesses have access to many of the cyber security tools they need, it is critical that they integrate them into their operations at every level, as an attack can come from anywhere," [...] "If you don't have the right security controls embedded by design, you'll be more exposed."

He added that increasing cybercrime mandates that Canadian businesses prioritize both their own and their clients' data. Consumers are more aware of the risks and hold firms accountable for protecting their personal data. Our polling shows that businesses can strengthen their cyber security culture.

Key findings:

  • Most people (39%) are very confident or somewhat confident that they can detect and respond to a cyberattack. The remaining 2% are not the least bit confident.
  • 94% of small and medium-sized businesses said they are on the lookout for cyberattacks on their environment.
  • Only 38% of companies say that cybersecurity is firmly embedded in all areas of their business. All areas of governance and management processes, including cybersecurity, are integrated in these companies, and the head of cybersecurity plays a critical role in the company.
  • Compared to 44% of companies that have conducted or are conducting cybersimulations on a regular basis, 56% have and use detailed playbooks.
  • The majority of companies (48%) plan to increase their cybersecurity spending by up to 20% in the next year, while one-third of companies plan to increase their cybersecurity spending by less than 5%.
  • Fifty-six percent of respondents said cybersecurity is embedded to some degree, meaning it is embedded in parts of governance and management practices, but not all.

The Delvinia online research platform Methodify was utilized by KPMG from September 1-13 to poll 1,001 Canadians and 253 SMBs. There were 37.5% of businesses with revenues between $10m and $49.9m, 25% with revenues between $50m and $99.9m, and 38% with revenues of $100m or more in 2013.