Mario ToneguzziCanadian businesses reported spending $14 billion to prevent, detect and recover from cyber security incidents in 2017, which represented less than one per cent of their total revenues, according to Statistics Canada.

The federal agency reported on Monday that about $8 billion was spent on salaries for employees, consultants and contractors who worked on cyber security, while $4 billion was invested in cyber security software and related hardware. Several other prevention and recovery measures accounted for the remaining $2 billion of the total expenditure.

“Annual average expenditures on cyber security differed greatly based on size of business in 2017. Large businesses (250 employees or more) spent $948,000, medium-sized businesses (50 to 249 employees) spent $113,000 and small businesses (10 to 49 employees) spent $46,000,” said StatsCan.

“In 2017, just over one-fifth (21 per cent) of Canadian businesses reported that they were impacted by a cyber security incident which affected their operations. Large businesses (41 per cent) were more than twice as likely as small businesses (19 per cent) to have identified an impactful incident.

“Of those businesses that were impacted by a cyber security incident, 39 per cent could not identify the motive of the attack, while 38 per cent identified the motive as an attempt to steal money or demand a ransom payment. Just over one-quarter (26 per cent) of businesses experienced incidents where perpetrators attempted to access unauthorized or privileged areas, while 23 per cent faced an incident where there was an attempt to steal personal or financial information.”

StatsCan said 54 per cent of impacted businesses reported that cyber security incidents prevented employees from carrying out day-to-day work, while 53 per cent reported that incidents prevented the use of resources or services (for example, desktop computers or email). Close to one-third (30 per cent) of businesses faced additional repair or recovery costs, 10 per cent lost revenue and four per cent reported that they had to reimburse external parties or make a ransom payment in 2017.

Mario Toneguzzi is a veteran Calgary-based journalist who worked for 35 years for the Calgary Herald, including 12 years as a senior business writer.


cyber security

The views, opinions and positions expressed by columnists and contributors are the author’s alone. They do not inherently or expressly reflect the views, opinions and/or positions of our publication.