Businesses are facing increased costs due to ransomware attacks that are reportedly on the rise according to some quarters. These costs include undertaking forensic investigations, data recovery, legal fees, and financial fraud. This is besides the cost that some have had to pay to the hackers as ransom and in updating their security in the aftermath.
According to a fact sheet titled How to Protect Against Ransomware, as much as 24% of Canadian businesses have suffered a ransomware incident in the last year. 25% of businesses also reported that such attacks resulted in reputational damage with their suppliers and/or clients.
Statistics Canada on the other hand reported that a lower 18% of Canadian businesses suffered cybersecurity incidents during the last year. This is lower than the 21% that reported the same in 2019. StatCan found that the majority of the incidents involved the theft of money, theft of personal or financial data, and ransomware. The decline in incidents as per StatCan figures could be due to the increased spending on the detection and prevention of cybersecurity incidents. Businesses spent an additional $2.8 billion in 2021 on cybersecurity than the $9.7 billion spent in 2019.
There is however concern that StatCan’s figures on how many businesses have suffered ransomware attacks may be lower than reality. Experts like Centre for Strategic Cyberspace and International Studies director, David Swan, say that Canadian organisations are likely refusing to report. He expressed the belief that Canadian businesses preferred not to admit to having been hacked and would rather pay off attackers discreetly and not make any report to relevant bodies.
Head of Beauceron Security, David Shipley, expressed a similar opinion, stating that there were studies that estimated 70% of ransomware victims admitted paying ransoms. He also pointed to a case in which the RCMP recovered ransomware payments made by Canadian firms using cryptocurrency to the Netwalker ransomware gang. Some firms declined to take back their monies seeing it as an admission that they were victims of malware and not desiring the publicity attached.
The Ontario privacy commissioner is advising businesses to set up an internal privacy and security governance committee that will be responsible for IT, privacy, access and legal issues. The commissioner is also recommending detailed accounting and auditing of data and information at business stores so that there is a clear understanding of the organisation’s information holdings.
Police are also asking that businesses report any successful cyber-attack, even if the attacker is not local, as there is extensive interagency collaboration across the world. Depending on the agency you report to, it is also possible to get assistance in terms of guidance on how to strengthen your systems and go about remediation.
Contact Accountancy Insurance
We would love to hear from you.
About Accountancy Insurance
Thousands of accounting firms offer our tax audit insurance solution, Audit Shield to their clients. Find out why.