Regina, February 4, 2021 – The pandemic has made Canadian small businesses more vulnerable to cyberattacks. Nearly a quarter of businesses have experienced cyberattacks since March 2020 with 5 per cent overall saying the attack against them was successful, finds the newest report by the Canadian Federation of Independent Business (CFIB). Relative to the whole economy, this means that about 61,000 small and mid-sized businesses were victims of cyberfraud last year.
“While many small businesses have adapted to the pandemic by adopting new technologies, remote-work arrangements and ecommerce platforms, these changes have also created new opportunities for cyberattacks,” said Jasmin Guenette, CFIB’s vice-president of national affairs. “It’s more important than ever for small firms to protect their information systems.”
More than 80 per cent of businesses that experienced a cyberattack say it came through email scams and phishing attempts and 50 per cent encountered malicious software. The businesses most at risk of cyberfraud were:
- Those with 20 or more employees
- Those who allowed their employees to work remotely or made any changes to their online presence
- Those in the manufacturing, wholesale trade, business services and enterprise and administration management sectors
Businesses need tools to protect themselves
“When a small business suffers a cyberattack, the effects can be very heavy, from stress and financial loss to compromised personal and banking information and negative impacts on business relationships,” added Andreea Bourgeois, Senior Analyst at CFIB. “Many are investing more in their IT infrastructure—$6,700 on average—but beyond that, they have few recourses if a cyberattack is successful.”
CFIB recommends that businesses invest in cyber insurance to protect themselves in the event of a cyberattack. In addition, business owners should:
- Be aware of cyber risks to their business, using sources such as the Insurance Bureau of Canada, the Government of Canada’s National Security and Defence, Cyber Security Unit, CFIB’s website and other business associations’ websites and resources
- Raise awareness among employees about cyberattacks and train staff to detect and avoid them
- Share information on scams and best practices for prevention with other business owners
- Report cyberattacks to law enforcement and other authorities, such as the Canadian Anti-Fraud Centre, the Competition Bureau, and the Better Business Bureau.
Governments, law enforcement agencies and other authorities can help business owners protect themselves by using “cyber policing” resources adequately, proactively sharing information on existing resources and best practices with businesses and associations, and provide services specifically tailored to SMEs regarding cyber insurance and cyberattacks. Governments can also provide small businesses with tax credit or grants to help them invest in IT protection equipment
“More than half of small business owners say they are more worried about potential cyberattacks since March 2020. Cyberattacks will continue to be a growing concern for small businesses in 2021 and beyond,” concluded Guenette. “Being proactive in protecting their information systems and training staff to detect cyberfraud attempts is their best defense.”
Read CFIB’s full Cyberfraud in small business research snapshot for more information.