Cyber threats are a growth industry and cyber resilience is a business imperative.
In a 2023 KPMG survey of 73 small and medium-sized businesses in metro Vancouver and Vancouver Island, 55% reported suffering a cyberattack in the previous year, and 54% had paid a ransom to unlock their computers within the previous three years.
These numbers track with national and global trends quantifying the increasing threat of cyber attacks. A 2024 national survey by KPMG reported a nearly 10% jump in cyberattacks between 2023 and 2024. Canadian business leaders rank cybersecurity as the number one threat to their growth, the survey found.
“If it were measured as a country, then cybercrime would be the world’s third largest economy, behind the U.S. and China,” says Steve Morgan, founder of Cybersecurity Ventures and editor-in-chief at Cybercrime magazine. Cybersecurity Ventures predicts that cybercrime will cost the world US$1 trillion per month by 2031, up from around $1 trillion per year in 2020.
The best defense for businesses is two-pronged: strengthen your system and transfer as much of the risk as possible.
Strengthen your system
In the ever-evolving landscape of cyber security, staying one step ahead of potential threats is paramount, according to TLC Solutions, a Vancouver-based IT service provider.
- First, define roles and responsibilities. Your business should have at least one person handling cyber security. This person would be responsible for learning about threats, trends, and security options and then implementing best practices.
- Undertake an assessment to identify vulnerabilities. For small businesses at the early stages of this assessment process, and which don’t have a dedicated IT team, resources such as the Get Cyber Safe Guide can get you started.
- Get professional advice. Arrange for a service provider to make required upgrades and then remotely manage your organization’s IT infrastructure, cyber security, and other related business operations.
- Invest in resilience. Factor in the costs of ongoing cyber security when preparing annual business plans and budgets.
“Every year the cyber-threat landscape grows more complex,” states the National Cyber Security Centre, a U.K.-based cybersecurity resource. “In 2024 it is best characterized as ‘diffuse and dangerous’. We face a spectrum of threats where persistent activity by capable hostile states compounds the acute challenges posed by organised crime.” Professional oversight and advice are sound investments in your business’s future.
Transfer your risk with insurance
Just as with your home or any other asset, performing ongoing upkeep maintains your property in the best insurable condition and helps you get the best coverage and rates. The same is true with your IT system.
When applying for cyber insurance, the application will ask:
- Have you suffered any cyber incidents in the prior three years that resulted in a claim of $25,000 or more?
- Do you implement encryption on desktop and laptop computers and other portable devices?
- Do you collect, process store, transmit, or have access to any payment card information, personal information, or personal health information other than that of your employees?
- For which services do you enforce multi-factor authentication?
- Do you maintain at least weekly backups of all sensitive or otherwise critical data and all critical business systems offline or on a separate network?
- Do you require a secondary means of communication to validate the authenticity of funds transfers before processing a request over $25,000?
- Have you been subject to any complaints concerning the content of your website, advertising materials, social media, or other publications?
- Do you enforce procedures to remove content (including third-party content) that may infringe or violate any intellectual property or privacy rights?
Your answers to these questions provide a quick indication of your cyber-readiness. By making your cyber defenses a priority, you’ll gain a robust system that operates safely and efficiently. Achieving operational resilience with professional oversight and cyber insurance will provide peace of mind and allow you to concentrate on the core activities of your business.
