Skip to main content

Seven in 10 Canadian organizations facing ransomware attack paid demands: survey

Networking cables in a server bay are shown in Toronto on Wednesday, November 8, 2017. Nathan Denette / THE CANADIAN PRESS Networking cables in a server bay are shown in Toronto on Wednesday, November 8, 2017. Nathan Denette / THE CANADIAN PRESS

A new poll suggests nearly 70 per cent of Canadian organizations facing a ransomware attack last year paid the demands to avoid downtime, reputational damage and other costs.

The annual Canadian Internet Registration Authority (CIRA) Cybersecurity Survey says the high number of groups that pay ransoms comes from the 17 per cent that say they were attacked last year.

More than one-third (36 per cent) of organizations say they have introduced new security measures to meet increased pressure from hackers as more people are working from home, up from 29 per cent saying so a year ago.

Nearly all of the 510 security professions surveyed (95 per cent) say at least some of the new protections will remain permanent while 64 per cent support legislation that would prohibit paying ransom demands.

"(Businesses) got to work and implemented new policies, technologies, and security training boot camps for staff -- protections they plan to keep in place long after the pandemic," stated Mark Gaudet, CIRA general manager for cybersecurity and DNS services.

The study also found 59 per cent of businesses have cybersecurity insurance as part of their business insurance, with many companies saying their premiums have increased and insurers are asking for more proof of cybersecurity measures that they have in place.

Canada has faced some high-profile ransomware attacks affecting hospitals, RCMP detachments and major energy pipelines.

The online survey conducted in July and August of organizations with 50 to 999 employees was released ahead of cybersecurity conference MapleSEC that starts Tuesday.

"It feels like the pandemic forced 10 years of cybersecurity adoption to happen in about 10 weeks," said Gaudet.

"The pivot to work-from-home and employees using their own devices really increased the number of security threats facing organizations, and the bad guys did everything they could to take advantage of the situation."

The survey found companies hit by cyberattacks most often dealt with employees not being able to complete work, increased costs, lost revenue and reputational damage.

The polling industry's professional body, the Canadian Research Insights Council, says online surveys cannot be assigned a margin of error because they do not randomly sample the population.

This report by The Canadian Press was first published Oct. 4, 2021. Top Stories

Ukraine will stop Putin, Biden tells NATO in forceful speech

Joe Biden forcefully defended the foreign policy achievements of his presidency as he welcomed NATO member states to a Washington summit on Tuesday that is being closely watched by allies at home and abroad for proof the embattled U.S. president can still lead.

Gypsy Rose Blanchard is pregnant

Gypsy Rose Blanchard, who served eight and a half years for helping to kill her abusive mother, announced Tuesday that she is set to become a mother herself.

Local Spotlight