Canadian IT company, NOVIPRO, today unveiled its sixth annual IT Portrait of Canadian Businesses in collaboration with Leger, which revealed the deep vulnerability of Canadian companies to computer attacks. The study reveals that more than half (56%) of organizations targeted by malware have paid the amounts requested by cybercriminals. Of these, one of three companies (33%) retained the services of a negotiator, while 23% proceeded without the help of an intermediary.

And why wouldn’t they pay? Data is a valuable commodity. Sixty percent of companies have sensitive customer data (e.g. confidential information, credit card numbers, social insurance numbers, etc.) and nearly one third (28%) value their information assets (data, people, processes, recipes, etc.) at more than $1 million.

“As an entrepreneur, I am very concerned that so many organizations are paying a ransom,” says Yves Paquette, co-founder and CEO of NOVIPRO. “Companies need to be proactive in preventing cyberattacks, otherwise the impact will be devastating to them and their customers. If organizations invested even a fraction of the potential cost of an attack, they could easily put systems in place to guard against such fraud. In the physical world, you’d employ a detachment of guards to protect something with a seven-figure value, however, there still seems to be a disconnect when the ‘something’ is digital.”

Hybrid work breeds concerns about cyberattacks
Our time in the pandemic has revived security concerns. Nearly half (43%) of respondents are more concerned about a breach since the introduction of hybrid work, prompting most organizations (76%) to take the time to review their security practices, whether it’s providing training to employees (32%), developing a telecommuting policy (31%) or investing in software (29%), to name a few.

Reflecting the feedback from 2020, companies that are victims of cyberattacks once again admit that their employees are the largest source of cyber threats (53%). Of these, 31% are motivated by malicious intent and 22% unintentionally trigger an attack by clicking, for example, on a fraudulent link. Despite this, the percentage of organizations that have trained their teams have continued to steadily decrease for the past three years. Only 40% of respondents plan to offer training to their teams on this topic next year.

“The pandemic has forced companies to focus their energies on operational emergencies,” explains Dominique Derrier, Chief Information Security Officer of NOVIPRO. “We see that in 2021 they are more aware of computer threats, but are slow to take significant action. It is imperative that organizations apply the latest infrastructure and engage the right experts to ensure their IT security. Not only are their operations at stake, but their reputations as well.”

Additional findings included:

  • Work-from-home means cloud computing is here to stay
    While the fifth edition of this study found a marked acceleration in cloud adoption by Canadian businesses due to COVID-19, the 2021 data shows that the trend continues. No doubt a sign that telecommuting or telework is becoming permanent, a third of respondents (33%) cite it as one of the reasons IT professionals encourage or would encourage companies to opt for cloud computing.

  • Attraction and retention are the challenges of the day
    Not surprisingly, the difficulty of attracting qualified resources (43%) and the retention of key personnel (39%) are the major challenges for human resources in the IT field. The pandemic has exacerbated these issues as more than a third of organizations have struggled to attract skilled talent (45%), retain key resources (36%) or engage and motivate teams (31%).When the pandemic struck in 2020, more than half of companies wanted their employees to work from home for more than three days per week. One quarter of respondents also intended to allow full-time remote work. Practices have continued to evolve in this area, with 52% of companies having reduced the number of days employees are authorized to work from home in 2021.

  • AI investment is down
    More cautious since the pandemic, companies are forecasting less technology investment in the next two years (80%) compared to 2020 (88%); Ontario companies (85%) are planning to invest the most in the next two years. For the second year in a row, investment plans in advanced data analytics and artificial intelligence are declining, falling to 18%, from 29% in 2020. If Quebec was among the leaders in this sector before the pandemic, it is now the Canadian province with the least focus on AI, while British Columbia (24%) is in first place for the first time in six years.

  • Renewed trust in IT teams
    The survey shows that 40% of companies have more confidence in their IT team when it comes to security in the wake of COVID-19.

Provincial Variations
While Canadian businesses from coast-to-coast have concerns about ongoing issues with cyberattacks, there are also some interesting regional highlights and differences on the topic:

  • Quebec (70%) companies were less likely to review security practices due to the pandemic compared to Ontario and British Columbia organizations (82% respectively) in 2021.
  • Over half of Ontario businesses (56%) are more afraid of a cyberattack since the implementation of hybrid work, compared to Quebec (32%) who are less concerned.
  • 25% of respondents say they have already been victims of a computer threat, similar to the previous year. Quebec (24%) was the most affected province in 2020, however Ontario (29%) has overtaken this spot in 2021.
  • Only 12% of Canadian companies view their IT as a necessary evil, with Ontario businesses having the highest proportion at 17%.