Cybercrime Costs Average US$9.25 Million for Canadian Companies

On Tuesday (May 7), Accenture (NYSE:ACN) released its ninth annual Cost of Cybercrime Study for 2018, which includes statistics on the Canadian cybercrime environment for the first time.

According to the study, the average cost of cybersecurity attacks for Canadian firms in 2018 was US$9.25 million per company.

Surveying 2,600 security and IT professionals globally, the study looks at the economic impact cyberattacks had on companies. It further details core vulnerabilities within global security infrastructure, while highlighting solutions to prevent future infringements.

Broadly, the study reports that malware (malicious software) was the most common form of attack in 2018. Globally, malware attacks on companies increased by 11 percent from 2017. On average, the cost of malware attacks on each individual company came to US$2.3 million last year.

Attacks from ransomware, which is software that prevents users from accessing their computer system unless they pay a ransom, grew by 15 percent in 2018.

Phishing or social engineering attacks increased by 16 percent over the year. In these attacks, malicious actors disguised as reputable companies attempt to coerce individuals into disclosing valuable information such as credit card information and passwords. The study further notes that 85 percent of companies surveyed encountered such attacks.

“Canadian organizations must prioritize protecting people, take a data-centric approach to security to limit information loss and business disruption and implement AI technology and analytics to reduce the rising cost of attacks,” Ahmed Etman, managing director of security at Accenture Canada, said in the press release accompanying the report.

Specifically, the report notes that Canadian companies faced, on average, 1.5 cyberattacks a week last year. The most costly attacks for Canadian firms were malicious code and malicious insiders, which took double the time to resolve in comparison to ransomware or phishing attacks. These types of attacks cost companies US$3.3 million on average.

Additionally, Canadian companies reported that the cost of information loss from cyberattacks reached US$3.8 million; the cost to business disruption stood at US$2.96 million last year.

Canada is the third most targeted country for data breaches, according to a report from Risk Based Security, behind the United States and the United Kingdom.

“It’s not that we are in a weaker position than other countries. It’s that we are an attractive country for cybercriminals and cyber threat actors,” Jason Besner, the director of threat reporting and planning at the Canadian Centre for Cyber Security, told CPA Canada.

To that end, within the first quarter of 2019, Risk Based Security reported over 1,900 data breaches in Canada alone, which exposed 1.9 billion records. That is a whopping 54.6 percent increase in reported data breaches compared to the first quarter of 2018.

“The number of data leaks — both in the form of open, unsecured services and credentials leaks — reached new levels this quarter,” Inga Goddijn, executive vice president and head of Cyber Risk Analytics, said in the report.

The report found that the business sector experienced the most frequent attacks, with over 71 percent of total data breaches, followed by the medical (13.6 percent), government (7.8 percent) and education (6.8 percent) industries.

In line with these figures, Accenture projects that the cost of cybersecurity threats will be US$5.2 trillion globally over the next five years. The firm notes that the average cost of cybercrime globally has increased 72 percent over the previous five years.

When it comes to preventing cyberattacks, Accenture suggests that companies invest in security intelligence and threat sharing applications. Examples of these include intrusion prevention systems, unified threat management, data-loss prevention and next-generation firewall applications.

A focus on reducing malware and denial-of-service attacks is also suggested by the report, as well as investing in automation, AI and machine learning to improve cost savings. The best performing cost savings category was in security intelligence and threat sharing.

Accenture says in the study that global investment in AI and automation could result in US$2.09 million in cost savings to businesses. Additionally, tactical investment in security applications will help generate value and trust for companies in the long term.

As cybercrime activities are projected to cost companies an average of 2.8 percent of their total revenue per year for the next five years, investing in security may prove to be essential.

Don’t forget to follow us @INN_Technology for real-time news updates!

Securities Disclosure: I, Dorothy Neufeld, hold no direct investment interest in any company mentioned in this article.