Cybersecurity survey by Canadian law firm offers surprising results

When Imran Ahmad got the results of his law firm’s recently commissioned corporate cyber incidents report, he was surprised.

Data showed just over half of Canadian organizations hit by ransomware last year paid cyber criminals to get decryption keys for restoring scrambled data.

The surprise? Ahmad, a partner in the cyber and privacy practice of national law firm Blake, Cassels & Graydon, is sure more are paying.

“We believe that number [of Canadian firms paying ransom] has gone up materially since COVID-19 happened,” he said in an interview. “I thought the number would have been higher even before COVID because of the number of cases where clients call us and say, ‘We’re ready to pay. What do we do now?'”

One reason he thinks firms are giving in recently is that, with more employees working from home, more computers that connect remotely to the network are getting infected with malware. Consequently, some organizations believe the restoration of data will be “extremely difficult” even though they have good backups. Paying for decryption keys, management believes, will get operations back to normal faster.

Ahmad also suspects the number of ransomware incidents will increase after the pandemic crisis eases and staff return to their offices and plug their laptops back into the network.

The law firm launched the study to get more current information about cybersecurity incidents — defined as a breach of security controls — than is available now. In addition, Ahmad said, clients want answers to questions like should they pay a ransom, should they call police if they suffer a cyber incident and should they buy cyber insurance.

(Not unless they have to, yes and yes, said Ahmad — although when buying cyber insurance pay attention to the terms.)

The report is broken into three parts: A survey of cybersecurity forensic firms that responded to more than 250 cybersecurity incidents across Canada from January to October 15, 2019; a review of publicly released data by the federal, Alberta and British Columbia privacy commissioners’ offices up to November 1, 2019; and a review of various public-disclosure documents (including annual reports, annual information form, management discussion and analysis, management information circular and final long-form prospectus) of the 790 corporate issuers listed on the Toronto Stock Exchange (TSX) for cybersecurity-related disclosure statements.

Among the findings:

  • 33 per cent of organizations that suffered a cyber incident had their operations disrupted.
  • 25 per cent suffered primarily a financial loss.
  • 21 per cent suffered an impact on their relationships with partners.
  • Approximately half of organizations took over two weeks to recover from a cybersecurity incident. Almost a quarter needed more than a month.
  • Only 31 per cent reported incidents to police.

Another finding that surprised Ahmad was that only 29 per cent of organizations that suffered a cyber incident had an effective incident response plan that they followed. “I thought it would be a higher number,” Ahmad said. “Aside from the fact that few had a plan, what surprised us was that among organizations that did have a cyber plan they did not have one that was really practical or user friendly. They would have very complex ones.

“You want a simple flexible plan — maybe no more than a dozen pages or so — with all the key contacts so you can deal with a situation in real-time. What we saw was organizations that had a ‘brick-type’ of response plan where everything that is possible is contemplated, and nobody consulted it because it’s so complicated — and it wasn’t tested.”

There’s a link to the full report here. Registration required.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
