Cost of data breaches in Canada hit new record in 2021: IBM
The average cost of a data breach in Canada hit a record high last year as companies grappled with new cybersecurity risks during the COVID-19 pandemic.
According to a new report from IBM Security, the average cost of a data breach in Canada was $6.75 million per incident in the 2021 survey year. That's up from $6.35 million the year before and the highest since IBM first included Canada in its survey seven years ago. It's also higher than the 2021 global average of US$4.24 million ($5.34 million), which in itself is a 10 per cent increase from the prior year and the highest global average in the survey's 17-year history.
The study suggests cybersecurity efforts may have lagged behind as companies were forced to rapidly adapt to remote work during the pandemic, said IBM Security associate partner Ray Boisvert.
“This to me is a wake-up call,” Boisvert said, adding companies reported data breaches last year that were not only costly, but also hard to contain. For example, companies surveyed reported a mean time of 164 days to identify they had a breach and 60 days to contain it, one week longer than the prior year's report.
According to the study, data breaches cost $1 million more on average when remote work was indicated as a factor in the event.
“There was certainly a strong link to remote work,” Boisvert said. “We're now living in a perimeter-less environment … and trying to defend a multiplicity of inputs becomes very difficult.”
Charles Finlay, executive director of the Rogers Cybersecure Catalyst at Ryerson University, said the sheer volume of varying devices and network connections used by remote workers during the pandemic posed a cybersecurity threat.
“Employees are working from home using insecure Internet networks and computers, and the kind of security measures that would be imposed in a corporate environment in a workplace just are not always present,” Finlay said.
He added that a crisis like the global pandemic can also be easily exploited by cybercriminals - for example, through a phishing email that poses as official health advice.
“We know that fake websites have been set up purporting to provide information on COVID-19,” Finlay said. “So COVID-19 has provided a lot of opportunity, unfortunately, for malicious attackers and cybersecurity. I'm not surprised by IBM's findings.”
The survey found nearly half (44 per cent) of the breaches analyzed exposed customer personal data, such as names, emails, passwords, or even healthcare data. It found compromised user credentials (such as stolen passwords) were the most common method used as an entry point by attackers, representing 20 per cent of breaches studied.
Ransomware attacks are also growing increasingly common, said Finlay, pointing to high-profile incidents so far in 2021 like the Russian-linked cyberattacks on Colonial Pipeline and JBS Foods.
“When I look back at the last year, the most serious development that I see is around the increasingly serious ransomware attacks, in particular around critical infrastructure,” Finlay said. “Ransomware is exploding as a major international security problem. It is a multi-billion global industry.”
The IBM survey analyzed real-world data breaches experienced by 500 organizations worldwide (26 in Canada) between May 2020 and March 2021. It factored in costs to companies ranging from legal, regulatory and technical responses in the event of a cyberattack to loss of brand equity, customers, and employee productivity.
This report by The Canadian Press was first published July 28, 2021
CTVNews.ca Top Stories
2 dead, third in critical condition after attack in Kingston, Ont., suspect arrested
Two people are dead and a third suffered life-threatening injuries following an attack at an encampment in Kingston, Ont. Thursday. A suspect has been arrested following a multi-hour standoff.
B.C. will scrap carbon tax if feds remove requirement: Eby
British Columbia’s premier says the province will end the consumer carbon tax if the federal government removes the legal requirement to have one.
Trump rules out another debate against Harris as her campaign announces US$47M haul in hours afterward
Donald Trump on Thursday ruled out another presidential debate against Kamala Harris as her campaign announced a massive fundraising haul in the hours after the two candidates met on stage.
TIFF pauses screenings of documentary about Russian soldiers due to 'significant threats'
The Toronto Film Festival says it has been forced to pause the screenings of a documentary about Russian soldiers this weekend, citing 'significant threats to festival operations and public safety.'
'Keep your bags packed': Consul general grilled over $9M NYC condo purchase
After weeks of pressure, Canada's consul general Tom Clark is testifying on Thursday before a House of Commons committee about the purchase of his new official residence in New York that generated a lot of political attention over the summer.
Georgia judge dismisses two criminal counts against Trump, court filing shows
A Georgia judge on Thursday dismissed two criminal counts in the U.S. state's 2020 election interference case against Republican presidential candidate Donald Trump and one other count against allies of the former president.
Family of Sikh man speaks out against Toronto-area hospital after beard shaved
The family of a Sikh man from Brampton is seeking an apology, an explanation, and a promise to do better from the local hospital network after they say the facial hair of their loved one was removed without their consent.
This Italian lawyer says he thought he was buying a regular print of Churchill, not the 'mythical' stolen portrait
When Nicola Cassinelli, Italian lawyer and occasional art collector, bid on a portrait of the late U.K. prime minister Winston Churchill, he says, he didn't know it would land him in the centre of an international criminal investigation.
NEW N.B. premier’s asylum seeker comments spark controversy
Claims from New Brunswick Premier Blaine Higgs that Ottawa wants to force the province to take in 4,600 asylum seekers are "largely fictitious," says federal Immigration Minister Marc Miller.