Canadian companies have strong cybersecurity protocols in place, but lag behind in testing their effectiveness: KPMG in Canada

KPMG’s 2021 Cyber ​​Security Survey recently surveyed business owners or decision makers in primarily midsize companies and 1,000 Canadians ahead of Cyber ​​Security Awareness Month to get their take on how businesses can defend themselves against the growing threat of cyber attacks and meet consumer expectations.

The survey found that few companies integrate cybersecurity into their governance and management processes and are well prepared to ward off a cyber attack. Only 38 percent claim that cybersecurity is “deeply embedded” in all aspects of their business, and only 39 percent are “very confident” in their ability to detect and respond to an attack.

“While many businesses have access to most of the cybersecurity tools they need, it is essential that they integrate them into their operations at all levels, as an attack can come from anywhere,” says Hartaj Nijjar, partner, Cybersecurity, KPMG in Canada. “If you don’t have the right security controls built in by design, you will be more exposed. ”

“As cybercrime escalates, Canadian businesses must make it a priority to protect not only their own data, but that of their customers as well. Consumers are paying more attention to risk and holding companies to account for protecting their data. Our survey shows that companies could do more to improve their cybersecurity culture. “

Highlights of the survey:

  • 94 percent of small and medium-sized businesses say they monitor their environment to detect possible cyber attacks
  • Correct 39 percent say they are “very confident” in their ability to detect and respond to a cyber attack, and 59 percent are “fairly confident”. The rest two percent are “not at all confident”
    • The “very confident” group falls to 35 percent in British Columbia and 33 percent at a time Alberta and Quebec, and jump to 44 percent in Ontario
  • 56 percent have developed complete playbooks and regularly perform cyber simulations, while 44 percent do not have or do not do this
  • Only two in five (38 percent) say cybersecurity is “deeply embedded” into all aspects of their business. These companies integrate cybersecurity into all aspects of their governance and management processes, and they have a cybersecurity leader who plays a key role in their business.
  • 56 percent stated that cybersecurity is “somewhat integrated” into all aspects of their business, that is, it is integrated into some of their governance and management processes, but not all
  • Almost half (48 percent) plan to increase their cybersecurity budgets by up to 20% over the next 12 months, while a third plan to increase their cybersecurity spending by less than five percent over the coming year.

The survey also found that while two-thirds of SMEs have IT staff partially or fully dedicated to cyber prevention, just over half (51 percent) also partially outsource or co-source their cybersecurity functions. Almost a quarter (23 percent) outsource entirely through qualified managed service providers.

Canadians Worried About Cyber ​​Attacks

Canadian consumers, on the other hand, remain very concerned about cyber breaches. Ninety-three percent “Are concerned or suspicious” about sharing their personal or financial information with any organization that has experienced a cyberattack or data breach, ranging from 90 percent last year. And almost eight out of 10 (78 percent) are concerned that their personal data could be stolen in a cyber attack on their financial institutions, retailers, wireless / internet providers and governments.

Other consumer highlights

  • 89 percent say they are very careful when shopping online because they are afraid their information will be hacked or stolen
  • Less than half (46 percent) fear their personal data will be stolen in a cyber attack against their employer
  • 58 percent say they no longer trust the government to protect their personal information
  • 52 percent of Canadians support the use of digital authentication measures such as biometric scans (fingerprints, voice, iris) to access government or business services if this provides more security for their personal data

For more information on how businesses can build a strong cybersecurity culture and cyber defense strategy, read Cybersecurity in a post-pandemic world, by Hartaj Nijjar, Partner, Cybersecurity, KPMG in Canada and Guillaume Clément, partner, Cybersecurity, KPMG in Canada.

About the KPMG 2021 Cyber ​​Security Survey

KPMG used Methodify, Delvinia’s online research platform, to survey 1,001 Canadians and 253 small and medium businesses between September 1-13. Thirty-seven percent of businesses had revenues between 10 million dollars and $ 49.9 million, 25 percent had incomes between $ 50 million and $ 99.9 million and 38 percent had incomes of $ 100 million or more.

About KPMG in Canada

KPMG LLP, a limited liability company, is a full service auditing, tax and advisory firm owned and operated by Canadians. For more than 150 years, our professionals have provided consulting, accounting, auditing and tax services to Canadians, inspiring confidence, fostering change and fostering innovation. Guided by our fundamental values integrity, excellence, courage, together for the better, KPMG employs nearly 8,000 people in more than 40 locations across Canada, serving clients in the private and public sectors. KPMG is regularly ranked one of Canada’s Best Employers and one of the best places to work in the country.

The firm is established under the laws of Ontario and is a member of KPMG’s global organization of independent member firms affiliated with KPMG International, a private UK company limited by guarantee. Each KPMG firm is and describes itself as a legally distinct and separate entity. For more information see


For further information: For media inquiries: Roula Meditskos, National Communications and Media Relations, KPMG in Canada, (416) 549-7982, [email protected]