- 51 per cent of 78 SMBs surveyed in Alberta say they were attacked by cybercriminals in the past year, compared to 63 per cent nationally
- 55 per cent paid a ransom within the past three years (vs. 60 per cent nationally)
- Only 44 per cent say that cybersecurity is a “business priority” (slightly higher than the 38 per cent national average)
- 65 per cent say that their legacy systems or infrastructure – that is, their information and/or operational technology – make their company vulnerable to cyberattacks (vs. 71 per cent nationally)
- 57 per cent say their company doesn’t have the skilled personnel to implement cybersecurity or monitor for attacks (vs. 66 per cent nationally)
- Just 28 per cent agreed strongly that their company is “well-prepared” to defend against a cyberattack and 54 per cent agreed somewhat (vs. 41 per cent agreed strongly and 47 per cent agreed somewhat, nationally)
- Only 29 per cent agreed strongly that their employees are adequately trained and equipped to identify and report on potential threats, and 47 per cent agree somewhat (vs. 31 per cent agreed strongly and 51 per cent agreed somewhat, nationally)
- 53 per cent don’t have a plan to address a potential ransomware attack (vs. 59 per cent nationally)
- 82 per cent believe a senior executive or someone on their board should be responsible for cybersecurity (vs. 81 per cent nationally).
“While our survey indicates similar findings across Alberta-based entities and nationally, fewer Alberta companies are prepared to defend cyberattacks,” says Mr. Gupta. “This is worrisome because a cyber breach can be costly, impair their operations, and also damage their reputation. This is why it’s so important to take proactive, preventative measures, such as training employees how to identify phishing attacks and deploying measures to restrict access to segments of network based on the defined role of the employee.”
“While many SMBs don’t think they can afford to add full-time cyber teams, they can’t leave their operations exposed to criminals. They need to regularly assess their vulnerabilities and take action to enhance their cyber resilience.”
Nearly thirty per cent (30 per cent) agreed strongly that they are considering using artificial intelligence (AI) to bolster cybersecurity and have “a good understanding” of the risks associated with it and how to manage them, while 47 per cent agreed somewhat. By comparison, nationally, 32 per cent agreed strongly and 48 per cent agreed somewhat.
But eight in 10 (78 per cent) also believe generative AI is a “double-edged sword” that may help detect cyberattacks but also provide new attack strategies for adversaries or bad actors. This compares to 81 per cent nationally.
“AI and machine learning can help detect abnormalities and potential vulnerabilities to warn users of potential threats,” says Mr. Gupta. “But while companies are just starting to harness AI for good, unfortunately bad actors are also already using AI to make their attacks more real. As we wrap up Cybersecurity Awareness Month, it’s important to acknowledge along with adoption of new technologies, the security and governance aspects also need to be addressed.”
Mr. Gupta is hosting a Cyber Challenge hackathon today for university students at Platform Calgary focused on operational technology exercises.
KPMG last month completed the acquisition of Calgary-based IMagosoft, solidifying the firm’s presence in identity and access management service space.