Site icon IT World Canada

Data breaches cost Canadian businesses $5.6 million on average, risk losing customer trust

Data Breach Graphic

Image from Shutterstock.com

The post-pandemic realities of increased digital transactions and more hybrid work are driving a spike in cybercrime, with breaches becoming more expensive across North America. Businesses of all sizes must take more proactive measures to protect their data and earn customer’s trust.

Cybersecurity is at a boiling point in Canada, with the rise of cybercrime since the beginning of the pandemic driving increased costs for businesses that also risk losing customers’ trust if they fail to protect their personal information, according to Mastercard’s Securing the Digital Economy report.

The pandemic saw digital transformation accelerate in all industries as we coped with the realities of avoiding in-person gatherings. That means businesses are more dependent on digital than ever, for everything from paying for a mortgage to picking up a coffee. Canadians are shopping online more often, with e-commerce accounting for nearly one-fifth of all retail in 2022. They’re also working at home more often, leaving business networks more vulnerable due to sub-optimal security practices. Unfortunately, it’s left networks more vulnerable than ever too, with cybercrime increasing 600 per cent since the pandemic’s start.

Simultaneously, the costs of a data breach are at an all-time high. In Canada, the average data breach costs more than C$5.6 million – more than $1 million higher than the global average, but still less than the U.S. average of US$9.4 million per breach. But the direct costs are only the beginning of the story.

Virtually all business leaders participating in the report who had been hacked say it impacted their business in some way. For 30 per cent, it resulted in the loss of customer data, 30 per cent had to hire security consultants, and 29 per cent signed up their employees for more security training. These costs are most likely to be passed on to the customer at the end of the day, with 60 per cent of organizations saying breaches led to price increases.

It’s regrettable that many of those customers choose to take their business elsewhere. Often, a loss of security leads to a loss of trust among customers. For 81 per cent of consumers, if they don’t trust a company to protect their data, they won’t buy from them, no matter how great their products are.

When it comes to cybercrime, no business is safe. Fraudsters follow the path of least resistance, and businesses less than five years old are more likely to report being hacked. Small and medium-sized businesses are targets of cybercrime just as much as larger enterprises, if not more so due to limited resources to defend themselves.

Unfortunately, many businesses are concerned about the threat, but don’t act on improving security until after an incident. Only about four in 10 businesses have ongoing vulnerability assessment tools implemented. It’s time to raise the bar on protecting customers with ongoing action – leaders are still relying on just the first line of defence to secure their perimeter when implementing long-term security solutions. Until they do, protection efforts will contain major gaps.

There are many easy to access programs offered by Mastercard’s partners, like the Canadian Federation of Independent Business Cybersecurity Academy and Digital Main Street’s Trust Centre, to help educate small businesses about mitigating cyber risks. But we’re also pioneering next-generation solutions that Canadian businesses can take advantage of to secure digital payments and bolster cybersecurity at our Vancouver-based Global Intelligence and Cyber Center of Excellence.

Looking for a new solution for digital identity could be part of the answer to preventing breaches. As the data shows, consumers are likely to re-use their passwords on multiple sites and don’t often change them. Replacing passwords with biometrics, 2 factor authentication based on identity such as a fingerprint or facial recognition, is one solution, but consumers are sometimes wary about the trade-offs they’re making when it comes to convenience versus privacy.

Consumers’ top worries today regarding their privacy relate to having their identity stolen after sharing information with a retailer, with 59 per cent concerned. Data breaches at companies where they shop also concern 53 per cent of consumers, and half are concerned about having personal data stolen through phishing.

Asked to consider what they are most worried about in the next five years, consumers say they’re most worried about their biometric data, such as a fingerprint or facial impression, being sold or misused, with about four in 10 concerned. As consumers begin encountering these types of security solutions more often, companies will have to work hard to build trust and hold up their end of the bargain in keeping personal data safe.

Building that trust can include simple actions to mitigate cybersecurity risk. Businesses should design security measures into their processes right from the start, and be proactive about cyber risk, with continuous vulnerability scanning. Employees should be regularly educated about cyber risks to help defend against the human element of attacks. Businesses can help consumers improve cyber security hygiene by providing multi-factor authentication, password expiry periods, and monitoring of account activity to detect fraud.

Building digital trust is ever evolving. It’s not just one program or single initiative that will check a box. It’s a consistent application of best practices and attention to the details that improve consumer safety.

About the research

In the fall of 2022, The Harris Poll, in partnership with Mastercard, conducted two large-scale surveys. The first, taken from October 26 to October 31, involved 4,009 individuals, of which 2,007 were from the U.S. and 2,002 were from Canada.

The second survey, conducted from November 9 to November 14, involved 502 business leaders, of whom 400 were from the U.S. and 102 were from Canada. To qualify for the survey, respondents had to be decision makers at their organization both generally and for security strategy, own a credit card or debit card that they use for business expenses, and work for a business with revenue of $10 million or more.

Exit mobile version