Small Canadian businesses underprepared for cyberattacks: IBC survey

By Jason Contant | October 7, 2025 | Last updated on October 7, 2025

Canadian small- and medium-sized business owners may “dangerously underestimate” the likelihood and complexity of a cyber breach, says a new survey commissioned by Insurance Bureau of Canada (IBC). 

Despite cybercrime hitting a global all-time high, fewer than half (48%) of 308 respondents representing small and medium-sized enterprises (SMEs) believe their business is vulnerable to a cyberattack or data breach, IBC says in an Oct. 1 press release.

In fact, only 6% of respondents strongly agree there is a chance their business is vulnerable to a cyberattack or data breach, IBC says, despite research from Business Development Bank of Canada indicating 73% of small businesses have experienced a cybersecurity incident.

About two-thirds (66%) of respondents, who include Canadian business owners and decision-makers working at companies with up to 500 employees, say they are confident in their business’ ability to withstand a data breach or website shutdown. “These findings suggest that most SMEs may not fully understand the true impact and cost of recovering from a cyberattack.”

Other key survey findings include: 

  • Only 47% of respondents say their business is prepared for a cyberattack or data breach 
  • Nearly seven in 10 (69%) of respondents express confidence in their understanding of emerging cyber risks
  • Fewer than half (48%) have implemented any form of cyber defence 
  • Just 22% carry cyber insurance, and only 12% have a dedicated standalone cyber insurance policy

“Cyber threats can lead to serious financial and legal issues for SMEs – issues that regular business insurance often doesn’t protect them from,” says Mahan Azimi, IBC’s director of catastrophic and emerging risk policy.

“Responding to an attack may require hiring experts like forensic investigators, lawyers and public relations professionals, which can be extremely costly for businesses that don’t have dedicated cyber insurance. A standalone cyber policy can also help cover costs associated with lost income, recovery efforts and legal liabilities,” he adds.  

Business owners are growing more concerned that artificial intelligence (AI) and other new technology will make it harder to protect themselves against cyber risks, the latest survey finds. Concerns rose from 65% of respondents in last year’s survey to 72% this year. Still, only 45% say they have policies and training in place to help employees spot AI-generated scams.

Another finding is that 27% of respondents indicate they are concerned about potential lawsuits stemming from a cyberbreach. “As businesses increasingly rely on vendors, cloud services and outsourced IT providers, third-party cyber risk is becoming a major vulnerability — potentially leaving small business owners liable if a vendor breach compromises customer data,” IBC says.

To help SME owners understand the impact of cyberattacks and how insurance can support recovery, IBC developed a free cyber insurance guide and resources. The guide explains coverage details, offers protection and recovery tips, outlines the insurance application process and shares resources to boost cyber resilience.

“A cyber breach is not just a compromised website or lost data; it’s a business crisis that can impact your reputation and harm anyone whose data you may hold,” Azimi says. “Cyber insurance helps ensure that when the worst happens, you’re not facing it alone.” 

Jason Contant

Jason has been an award-winning journalist with Canadian Underwriter for more than a decade, including the past three years as associate editor and, before that, as digital editor for seven years.