Site icon IT World Canada

More than half of attacked Canadian firms paid cyber ransoms: Survey

graphic of data lock

Image by Danil Melekhin via GettyImages.ca

Just over half of surveyed Canadian organizations hit by ransomware or malware have paid the amounts demanded by cybercriminals.

That’s one of the findings of a poll released this morning of 491 medium and large companies, conducted last October for the Quebec-based IT services firm NoviPro.

The respondents included 288 IT decision-makers, 97 decision-makers who do not work in IT, 81 decision-makers who are neither directors nor IT and 25 NoviPro clients.

Of the companies that paid a ransom, one in three retained the services of a negotiator, while 23 per cent proceeded without the help of an intermediary.

“As an entrepreneur, I am very concerned that so many organizations are paying a ransom,” Yves Paquette, co-founder and chief executive officer of NoviPro said in a statement. “Companies need to be proactive in preventing cyberattacks, otherwise the impact will be devastating to them and their customers. If organizations invested even a fraction of the potential cost of an attack, they could easily put systems in place to guard against such fraud. In the physical world, you’d employ a detachment of guards to protect something with a seven-figure value, however, there still seems to be a disconnect when the ‘something’ is digital.”

Among other findings

This was the sixth edition of the Canada-wide study examining IT trends and the state of technology in large and medium-sized Canadian businesses, including AI and cybersecurity investment plans, perception of IT infrastructure, the “great resignation” and cloud computing.

In an interview, Paquette said that if organizations had put 10 per cent of what they paid in a ransom towards improving cybersecurity they would lower the odds of being victimized. And they don’t necessarily have to make large expenditures in hardware and software, he added. Sometimes it’s enough to review and update the firm’s cybersecurity practices. Increasing cybersecurity training of employees is also relatively inexpensive. What’s vital, he said, is that cyber training be regular. It’s also vital that it be part of the onboarding process for new employees. Having an up-to-date inventory of all corporate data so IT  and management know what needs to be protected is also relatively inexpensive, he added.

Finally, it doesn’t cost much to make sure only those staffers who need privileged access to data should have it, he said.

The full survey results are available here. Registration is required.

Exit mobile version