One-third say that protection training has not been offered
Canadian businesses are failing to do enough to protect their organizations from cyber threats according to a new report.
In collaboration with research company Ipsos, Terranova Security surveyed 1,000 Canadian employees and found that the level of concern over cyber risks was alarmingly low. Just over a third (34 percent) of employees express little-to-no concern about data theft at work, and 16 percent believe they can’t be targeted at all by cyber criminals.
The research shows there is still confusion among employees over who is ultimately responsible for protecting company data. More than three-quarters (77 percent) of Canadian employees believe it’s the IT department’s responsibility to protect company data, compared to just 54% who believe they play an essential role.
These findings come at a time when the danger from a breach is at an all-time high. According to the Canadian Anti-Fraud Centre (CAFC), Canadians lost an estimated total of CAD $230 million to fraud in 2021, out of which a sum of CAD $100 million was connected to online fraud.
The research highlights that Canadian businesses are failing to provide employees with enough education on common cyber threats and security best practices. Only 40 percent of employees say they work in a company where cyber security awareness training is mandatory. Forty-four percent have not participated in any cyber security training, and 33 percent indicated that their company doesn’t offer any relevant training at all.
These low training rates are not due to a lack of interest from employees as 78 percent of those surveyed believe cyber security training is interesting.
“The research shows that there’s some work to do on educating people about the important role they play in protecting data at work, but the responsibility doesn’t just fall on them,” said Theo Zafirakos, chief information security officer at Terranova Security. “It’s clear that security awareness training fell by the wayside for many Canadian businesses, even though cyber crime is rising, and that’s a concern. But employees also have an appetite for learning more about it. These people are the first line of defense against any cyber attack. By investing more in education and building a culture around data security within the business, companies will set up a powerful barrier against any cyber threats.”