Are Canadian companies putting off data security?

A survey shows that despite AI investment going up, companies may not be prepared for the security responsibilities it brings.

More than one-third of businesses plan to invest in AI within the next two years, an increase of 48% compared to the year prior. But despite the greater degree of data collection required by AI, cybersecurity remains an issue some companies are not prepared for.

This is according to the third IT Portrait of Canadian Businesses Survey, conducted by Canadian IT solutions firm NOVIPRO. Partnering with Leger on the survey, it polled 476 IT and technology decision-makers at companies with more than 100 employees.

More than half of Canadian businesses (57%) own confidential information on their clients, but 79% have experienced a cyber attack. Despite this, one quarter (25%) of businesses do not have a cyber attack recovery plan in place and 49% say they would not write a note to their clients in the event of a data breach.

“While it’s wonderful to see Canadian businesses continue to advance and adopt new technologies, like AI, it’s important that companies are properly equipped to manage these new technologies so they become an asset, not an issue,” said Yves Paquette, co-founder, president and CEO of NOVIPRO, in the report. “Our survey reveals that security was more of a concern for business leaders in 2018 than in previous years, yet the number of businesses conducting security audits year over year has decreased significantly.”

Besides the ethical and privacy implications, Paquette adds that this is an especially important time for companies to be focused on security, as changes to the Personal Information Protection and Electronic Documents Act (PIPEDA) that took effect in November now require businesses to report security breaches to the Privacy Commissioner of Canada, as well as notify affected individuals and keep records of all breaches.

Businesses from Atlantic Canada (43%) and Prairies (38%) had the most attacks in 2018, while only 25% of businesses in Ontario did. Industries that were victims of cyber attacks the most were from agriculture (50%), and construction and real estate (40%) sectors.

When a breach does happen, respondents from Ontario businesses say that 79% would communicate with their IT team, half would write to clients and 64% would report to police and company leaders. The study found that the most transparent industries were companies in the agriculture and healthcare sectors.

While AI investment is expected to go up across Canada, not all regions are on the same level. Ontario businesses are planning the least amount of investments (at 35%), compared to Atlantic Canada (48%), Quebec (42%), British Columbia (42%) and the Prairies (41%).

AI investment is also more of a priority for companies in consumer goods (52%), technology, media and telecoms (40%) and financial services (40%). On the lower end of planned investment is professional services (23%), manufacturing (25%) and healthcare (26%).