Cybercrime and fraud cost Canadian companies more than $500-million in 2022
Cybercrimes against businesses are on the rise, and some of Canada’s smallest companies are the biggest targets.
As businesses moved online at the start of the pandemic, they found themselves holding onto more sensitive customer, employee and corporate data—and criminals took notice, leading to an historic rise in cybercrime. According to a recent study conducted by Mastercard, there has been a 600-per-cent rise in cybercrime and a 238-per-cent increase in cyberattacks since the pandemic.
While larger organizations typically have strong security protocols and internal cybercrime prevention teams, small businesses are often less prepared to prevent an attack, making them a primary target, the report states.
“Forty per cent of Canadian businesses have been the victim of a hack,” said Aviva Klein, vice-president of Digital Payments and Cyber & Intelligence for Mastercard Canada. “We also found that younger businesses — those with less than five years of maturity — are more likely to report being hacked, and as a result lose sensitive financial, employee, customer or payment information.”
The study found the average cost of a data breach in Canada is $5.64-million — $1-million more than global averages — with 99 per cent of victims agreeing the hack impacted their business operations. The most common ramification was a loss of customer data, while more than a third said the hack strained their relationships with vendors or customers. Cybercrime and fraud cost Canadians more than $500-million in 2022 alone, according to the RCMP.
“A lot of small businesses will say, ‘But I just have a small website, I don’t store any sensitive information, I don’t even have e-commerce on the website,’ but even those businesses are susceptible,” Ms. . Klein says. “If you have any kind of digital presence, you are a target for these fraudsters.”
According to the study, 92 per cent of business leaders have implemented security solutions or conducted a digital risk assessment at some point in time. But, only 39 per cent engage in continuing vulnerability assessments, which Ms. Klein says it is vital to managing a constantly evolving risk landscape.
That’s not the only way Canadian businesses can do more to protect themselves. Mastercard data also found that only 56 per cent of businesses use network firewalls, only 52 per cent have two-factor authentication in place, and half or less employ antivirus software, fraud protection tools or have cybersecurity-specific insurance.
“Many businesses will not survive a cyber-attack and will go out of business,” Ms. Klein warns. “So, we really encourage businesses — particularly small and young businesses — to invest in security tools and processes right from the start.”
Ms. Klein adds that improving cybersecurity doesn’t necessarily have to come at a high cost, as some of the most effective solutions require only a change in security habits. Maintaining strong password hygiene, using two-factor authentication, enabling automatic software updates and conducting regular security checks are all effective ways to dramatically reduce the risks. “There’s a lot of common-sense hygiene things businesses can do to protect themselves,” said Ms. klein.
most of all Klein believes it’s important for business owners to be aware of the risks, and to not let themselves get lulled into a false sense of security, assuming their business is too small or insignificant for cyber criminals to target.
Ms. Klein adds that there are many easy to access programs offered to small businesses that educate and help them safeguard against an increasing volume of cyber attacks like the Canadian Federation of Independent Business Cybersecurity Academy and Digital Main Streets’ Trust Centre. Both deliver digital lessons to small businesses and their employees while helping them assess their level of cyber readiness and provide actionable recommendations to help mitigate existing risks.
“For young businesses it’s about starting on the right foot from day one, and engraining cybersecurity tools into the business,” she says. “That not only ensures protection, but it also gives businesses an opportunity to show consumers how important their data, privacy, and security are to them.”
Strong cybersecurity practices can provide businesses with an additional selling point. The Mastercard study revealed that 81 per cent of consumers won’t buy from companies they don’t trust with their data, no matter how great their products are, and 46 per cent of Gen Z consumers have already stopped interacting with a company because of a data breach.
“The world is only getting more complex, more advanced, and at the same time customers are less patient — they want things faster and with less friction. There is a convergence there that is ripe for criminal activity,” she says. “Being aware of what the risks are when you operate in a digital environment is key in preventing attacks.”
Ms. Klein added that small-business ownership is difficult, and few entrepreneurs have the capacity to make cybersecurity a primary focus — nor should they have to. What’s important is that they remain aware of the risks, maintain best practices, and lean on partners who have a proven track record in cyber-crime prevention.
“Mastercard safeguards consumer data, we protect points of interconnection across our ecosystem, and we take a forward-looking approach to mitigate the risks we face today and the ones that might arise in the future,” Ms. Klein says, adding that many of the most advanced technologies protecting Canadian businesses from cyber-attacks were pioneered right here in Canada, at Mastercard’s Global Intelligence and Cyber Center of Excellence in Vancouver. “In Canada we’re committed to the advancement of solutions in cybersecurity to reduce the cost of attacks, and we’re really focused on enabling connected devices to become tomorrow’s secure payment tools.”
Advertising feature produced by Globe Content Studio with Mastercard. The Globe’s editorial department was not involved.