Fewer large Canadian companies are prepared for cyberattacks

According to a KPMG report, this comes with big implications for brand reputation.

Far fewer CEOs at large Canadian companies say they are prepared for a future cyberattack.

KPMG International’s Global CEO Outlook Survey queried 75 Canadian CEOs, all of whom helm corporations with annual revenue of more than $500 million, with 40% overseeing firms reporting over $10 billion in annual revenue.

The insights reveal that 56% of the CEOs say they are “well prepared” or “very well prepared” for a future cyberattack, which is down from 73% who said the same in 2021. Meanwhile, 20% report they are “underprepared” for a cyberattack, up from 7% last year.

According to Hartaj Nijjar, partner and national cybersecurity industry leader at KPMG in Canada, a strong cybersecurity ecosystem can help boost the integrity of a company’s product or service, its customer experience, regulatory compliance, brand reputation and even investor confidence.

“Many large companies have invested in cybersecurity technology, tools and employee education programs over the years, but cyber threats are becoming more frequent and more sophisticated,” Nijjar warns. “So while companies may be fixated right now on near-term risks like a recession, it’s important not to take their eye off the ball when it comes to cybersecurity.”

Nijjar says it’s concerning that 17% of respondents said they do not view cybersecurity as a strategic function, up from zero last year. When asked if they view cybersecurity as a strategic function and a potential source of competitive advantage, 75% of large company CEOs agreed, down from 82% who agreed last year.

KPMG in Canada also surveyed business owners or executive level C-suite decision makers at 503 small- and medium-sized Canadian companies.

By contrast, 73% of those respondents feel more prepared to handle a cyberattack, up 9%, with two-thirds conceding that their defenses could be “a lot stronger.” With over half of SMBs saying they’ve been hit by cybercrime in the past year, nearly eight in ten said building a cybersecurity culture is just as important as building technological controls.