OTTAWA – October 9, 2019 – Today, the Canadian Internet Registration Authority (CIRA) released its 2019 Cybersecurity Survey Report which provides an overview of the Canadian cybersecurity landscape.

More than 500 individuals with responsibility over IT security decisions at both private and public sector institutions across Canada were surveyed to learn more about how they are coping with the increase in cyber threats.

The full report was released this morning as part of CIRA’s Cybersecurity Awareness Month activities.

Key findings

71 per cent of organizations reported experiencing at least one cyber-attack that impacted the organization in some way, including time and resources, out of pocket expenses, and paying ransom.

While 96 per cent of respondents said that cybersecurity awareness training was at least somewhat effective in reducing incidents, only 22 percent conducted the training monthly or better.

Only 41 per cent of respondents have mandatory cybersecurity awareness training for all employees.

Among those businesses that were victimized by a cyber-attack, 13 per cent indicated the attack damaged their reputation. This perception is a sharp contrast to the findings of CIRA’s recent report: Canadians deserve a better internet, which indicated that only 19 per cent of Canadians would continue to do business with an organization if their personal data were exposed in a cyber-attack.

43 per cent of respondents were unaware of the mandatory breach requirements of PIPEDA.

Of those businesses that were subject to a data breach, only 58 per cent reported it to a regulatory body; 48 per cent to their customers; 40 per cent to their management and 21 per cent to their board of directors.

43 per cent of respondents who said they didn’t employ dedicated cybersecurity resource cited lack of resources as the reason. This is up from 11 per cent last year.

Read the full report: https://cira.ca/resources/cybersecurity/report/2019-cira-cybersecurity-survey

Executive quotes

Now more than ever, Canadians need trust in the internet. We believe that security is the foundation of that trust which is why we have leveraged our experience safeguarding the .CA domain to help Canadian organizations protect themselves and their users.

– Byron Holland, president and CEO, CIRA

While technical solutions are important, the best layer of security for any organization are cyber-aware employees. We are happy to see more organizations embracing cybersecurity awareness training as a critical element of their defense. However, there is more work to be done to ensure the quality and rigor of the training offered keeps pace with the ever-changing world of cybersecurity.

– Jacques Latour, chief security officer, CIRA

It is encouraging to see the increase in awareness of cyber threats but there is still much to do. There is no silver bullet for cybersecurity, it requires constant vigilance, multiple layers, and employee awareness. We are committed to helping Canadian businesses and institutions implement the tools, platforms and processes that are required to protect their networks.

– Dave Chiswell, VP of product development, CIRA

Additional resources

About the Canadian Internet Registration Authority

The Canadian Internet Registration Authority (CIRA) manages the .CA top-level domain on behalf of all Canadians. CIRA also develops technologies and services—such as D-Zone DNS Firewall—that help support its goal of building a better online Canada. The CIRA team operates one of the fastest-growing country code top-level domains (ccTLD), a high-performance global DNS network, and one of the world’s most advanced back-end registry solutions.