OTTAWA—A new poll suggests nearly 70 percent of Canadian organizations facing a ransomware attack last year paid the demands to avoid downtime, reputational damage and other costs.
The annual Canadian Internet Registration Authority (CIRA) Cybersecurity Survey says the high number of groups that pay ransoms comes from the 17 percent that say they were attacked last year.
More than one-third (36 percent) of organizations say they have introduced new security measures to meet increased pressure from hackers as more people are working from home, up from 29 percent saying so a year ago.
Nearly all of the 510 security professions surveyed (95 percent) say at least some of the new protections will remain permanent while 64 per cent support legislation that would prohibit paying ransom demands.
“(Businesses) got to work and implemented new policies, technologies, and security training boot camps for staff—protections they plan to keep in place long after the pandemic,” stated Mark Gaudet, CIRA general manager for cybersecurity and DNS services.
The study also found 59 percent of businesses have cybersecurity insurance as part of their business insurance, with many companies saying their premiums have increased and insurers are asking for more proof of cybersecurity measures that they have in place.
Canada has faced some high-profile ransomware attacks affecting hospitals, RCMP detachments and major energy pipelines.
The online survey conducted in July and August of organizations with 50 to 999 employees was released ahead of cybersecurity conference MapleSEC that starts Tuesday.
“It feels like the pandemic forced 10 years of cybersecurity adoption to happen in about 10 weeks,” said Gaudet.
“The pivot to work-from-home and employees using their own devices really increased the number of security threats facing organizations, and the bad guys did everything they could to take advantage of the situation.”
The survey found companies hit by cyberattacks most often dealt with employees not being able to complete work, increased costs, lost revenue and reputational damage.
The polling industry’s professional body, the Canadian Research Insights Council, says online surveys cannot be assigned a margin of error because they do not randomly sample the population.