New CIRA data finds cyber crime is driving customers away from impacted Canadian businesses

Reports of reputational damage to organizations due to cyber attacks have quadrupled since 2018


OTTAWA, Ontario, Oct. 01, 2024 (GLOBE NEWSWIRE) -- Trust is hard-earned and easily lost; a lesson many Canadian organizations learned the hard way this year as cyber attacks impacted their businesses. Forty-four per cent of organizations reported experiencing a cyber attack in the last 12 months and more than a quarter of the 500 cybersecurity professionals surveyed, said that it had hurt their organization’s reputation (28 per cent) and cost them customers (26 per cent). The reports of reputational damage have quadrupled from six per cent in 2018.

In light of the financial and reputational impacts on their organizations, the latest edition of CIRA’s annual Cybersecurity Survey finds strong support (77 per cent of respondents) for government legislation like Bill C-26, An Act Respecting Cyber Security, to shape cybersecurity in Canada. Despite organizations claiming they typically pay $25,000 to $100,000 in ransomware, three-quarters (74 per cent) support legislation that would prohibit ransom payments. 

The volume of incidents in 2024 has led more organizations to seek cybersecurity insurance. More than 8-in-10 (82 per cent) organizations have cybersecurity insurance coverage, up from 59 per cent in 2021. In response, leading providers have implemented more restrictive measures; most organizations with a policy indicate that their provider has changed their coverage. Changes include verification of current security measures (39 per cent), increased premiums (38 per cent), changed eligibility criteria for obtaining/renewing coverage (37 per cent) and reduced reimbursement amounts for ransomware attacks (30 per cent). 

“Cybercrime is affecting relationships in every corner of the supply chain and organizations are waking up to the liabilities and risks they face. Customers demand businesses safeguard their data and organizations want to ensure that those they work with have proper cybersecurity measures in place,” said Jon Ferguson, Vice President, Cybersecurity & DNS, CIRA. “Across all sectors, organizations are taking proactive steps—the focus now needs to be widespread adoption, otherwise Canadians pay the price.”

On the AI front, a staggering 70 per cent of organizations expressed worry about potential cyber threats stemming from AI technology. Of particular concern were data gathered by AI tools and the proliferation of improved phishing emails and texts. On a positive note, more than half of the organizations surveyed have integrated AI tools into their workflow and operations, recognizing the advantages that AI brings to cybersecurity.

The full findings are featured in this year’s survey report.

Key findings

  • Cybersecurity in the news: just over 4-in-10 (43 per cent) respondents say their organization has made changes to its cybersecurity approach in response to news about major cyber attacks.
  • Ransomware: over one quarter (28 per cent) of professionals report that they have been the victim of a successful ransomware attack in the last 12 months, up from 17 per cent in 2021. Of those, 79 per cent indicate that the organization paid ransom demands.
  • Reputational damage: 28 per cent report damage to their organization’s reputation as an impact, compared to only six per cent in 2018 and 19 per cent in 2022.
  • The AI threat: 7-in-10 (70 per cent) of respondents are worried about potential cyber threats from generative AI. Organizations are most concerned about data gathered by AI tools (61 per cent) and improved phishing emails and texts (56 per cent).
  • The AI advantage: more than half (57 per cent) of cybersecurity professionals say their organization has integrated AI tools into its workflow and operations, up from 44 per cent in 2023.
  • Who's attacking whom: organizations are most likely to perceive profit-motivated cyber criminals as the biggest potential threat (60 per cent), followed by cyber criminals motivated by nationalist beliefs (33 per cent) and foreign state actors (32 per cent).

Additional resources

About CIRA

CIRA is the national not-for-profit best known for managing the .CA domain on behalf of all Canadians. As a leader in Canada’s internet ecosystem, CIRA offers a wide range of products, programs and services designed to make the internet a secure and accessible space for all. CIRA represents Canada on both national and international stages to support its goal of building a trusted internet for Canadians by helping shape the future of the internet.

Media contacts
Delphine Avomo Evouna
Communications Manager, CIRA
613.315.1458
delphine.avomoevouna@cira.ca