OTTAWA -- A new Statistics Canada report says 18 per cent of Canadian businesses were impacted by cybersecurity incidents last year, down from 21 per cent in 2019, as they spent more money to prevent attacks.
The report found 16 per cent of small businesses, 25 per cent of medium-sized businesses and 37 per cent of large businesses reported being affected by cybersecurity incidents in 2021.
Statistics Canada said Tuesday businesses most commonly faced attempts to steal money or demand ransom payments and efforts to steal personal or financial data.
Sixty-one per cent of affected businesses identified external parties as the perpetrator of cybersecurity incidents, while 38 per cent could not identify the perpetrator.
The percentage of businesses that reported spending money to detect or prevent cybersecurity incidents remained relatively the same in 2021, at 61 per cent, compared with 62 per cent in 2019.
However, the amount of money Canadian businesses spent to detect or prevent cybersecurity incidents increased by roughly $2.8 billion in 2021 to $9.7 billion when compared with 2019, Statistics Canada said.
Large businesses spent $4.4 billion, small businesses spent $2.9 billion and medium-sized businesses spent $2.4 billion last year.
Businesses that were hit with a cybersecurity incident spent a total of slightly more than $600 million to recover, an increase of about $200 million dollars from 2019.
The report also found that many companies have been implementing policies and procedures to mitigate risks.
More than six in 10 businesses had at least one employee responsible for overseeing cybersecurity risks and threats as of 2021, almost four in 10 had a consultant or contractor to manage threats, and almost one-third had monthly or more frequent updating of operating systems.
The report was based on data collected from January to March 2022.
This report by The Canadian Press was first published Oct. 18, 2022.