Cost of data breaches in Canada hit new record in 2021: IBM

The average cost of a data breach in Canada hit a record high last year as companies grappled with new cybersecurity risks during the COVID-19 pandemic.
According to a new report from IBM Security, the average cost of a data breach in Canada was $6.75 million per incident in the 2021 survey year. That's up from $6.35 million the year before and the highest since IBM first included Canada in its survey seven years ago. It's also higher than the 2021 global average of US$4.24 million ($5.34 million), which in itself is a 10 per cent increase from the prior year and the highest global average in the survey's 17-year history.
The study suggests cybersecurity efforts may have lagged behind as companies were forced to rapidly adapt to remote work during the pandemic, said IBM Security associate partner Ray Boisvert.
“This to me is a wake-up call,” Boisvert said, adding companies reported data breaches last year that were not only costly, but also hard to contain. For example, companies surveyed reported a mean time of 164 days to identify they had a breach and 60 days to contain it, one week longer than the prior year's report.
According to the study, data breaches cost $1 million more on average when remote work was indicated as a factor in the event.
“There was certainly a strong link to remote work,” Boisvert said. “We're now living in a perimeter-less environment … and trying to defend a multiplicity of inputs becomes very difficult.”
Charles Finlay, executive director of the Rogers Cybersecure Catalyst at Ryerson University, said the sheer volume of varying devices and network connections used by remote workers during the pandemic posed a cybersecurity threat.
“Employees are working from home using insecure Internet networks and computers, and the kind of security measures that would be imposed in a corporate environment in a workplace just are not always present,” Finlay said.
He added that a crisis like the global pandemic can also be easily exploited by cybercriminals - for example, through a phishing email that poses as official health advice.
“We know that fake websites have been set up purporting to provide information on COVID-19,” Finlay said. “So COVID-19 has provided a lot of opportunity, unfortunately, for malicious attackers and cybersecurity. I'm not surprised by IBM's findings.”
The survey found nearly half (44 per cent) of the breaches analyzed exposed customer personal data, such as names, emails, passwords, or even healthcare data. It found compromised user credentials (such as stolen passwords) were the most common method used as an entry point by attackers, representing 20 per cent of breaches studied.
Ransomware attacks are also growing increasingly common, said Finlay, pointing to high-profile incidents so far in 2021 like the Russian-linked cyberattacks on Colonial Pipeline and JBS Foods.
“When I look back at the last year, the most serious development that I see is around the increasingly serious ransomware attacks, in particular around critical infrastructure,” Finlay said. “Ransomware is exploding as a major international security problem. It is a multi-billion global industry.”
The IBM survey analyzed real-world data breaches experienced by 500 organizations worldwide (26 in Canada) between May 2020 and March 2021. It factored in costs to companies ranging from legal, regulatory and technical responses in the event of a cyberattack to loss of brand equity, customers, and employee productivity.
This report by The Canadian Press was first published July 28, 2021
CTVNews.ca Top Stories
Risk of a hard landing for Canadian economy is up, former Bank of Canada governor says
Former Bank of Canada governor Stephen Poloz says Canada’s economy is at a greater risk of a 'hard landing' — a rapid economic slowdown following a period of growth and approaching a recession.

'Horrible, horrible deals': Trump criticizes Biden's visit to Canada
Former U.S. president Donald Trump shared his disdain for Joe Biden's visit to Canada, saying Prime Minister Justin Trudeau treats the U.S. ‘horribly’ on trade issues.
Putin says Russia will station tactical nukes in Belarus
Russian President Vladimir Putin announced plans on Saturday to station tactical nuclear weapons in neighboring Belarus, a warning to the West as it steps up military support for Ukraine.
'There's nothing left': Deep South tornadoes kill 26
Rescuers raced Saturday to search for survivors and help hundreds of people left homeless after a powerful tornado cut a devastating path through Mississippi, killing at least 25 people, injuring dozens, and flattening entire blocks as it carved a path of destruction for more than an hour. One person was killed in Alabama.
Officials: 2 dead, 5 missing in chocolate factory explosion
An explosion at a chocolate factory in Pennsylvania on Friday killed two people and left five people missing, authorities said. One person was pulled from the rubble overnight.
Trump, facing potential indictment, holds defiant Waco rally
Facing a potential indictment, Donald Trump took a defiant stance at a rally Saturday in Waco, disparaging the prosecutors investigating him and predicting his vindication as he rallied supporters in a city made famous by deadly resistance against law enforcement.
Canadians view own country favourably but many unsure about Canada's system of government: survey
A recent study by the Angus Reid Institute found Canadians view their country more positively than Americans do, but only a slight majority of people in Canada believe their system of government is good.
Declining suicide rates in Europe may be linked to increased preventative initiatives: report
Within the last decade the total suicide rate among European nations have decreased, according to a new report that says increased suicide prevention initiatives may have helped bring down this death rate.
Russia 'largely stalled' in Bakhmut, shifting focus, U.K. says
The top commander of Ukraine's military said Saturday that his forces were pushing back against Russian troops in the long and grinding battle for the town of Bakhmut, and British military intelligence says Russia appears to be moving to a defensive strategy in eastern Ukraine.