New research from the Insurance Bureau of Canada (IBC) revealed gaps in many businesses’ cyber security defence, particularly when it comes to educating employees about cyber attacks.
IBC surveyed 1,500 employees from small and medium-sized enterprises last August. Only a third of these employees (34%) said their companies have provided them with mandatory cyber security awareness training and only half (50%) said their organization has integrated the use of multi-factor authentication in their corporate network.
Additionally, only a quarter of the employees surveyed by IBC (24%) said their employer conducts phishing email simulations to promote.
The survey also revealed that 21% of respondents believe that most cyber breaches are easy to resolve.
“As cyber attacks become more common, it's important for businesses of all sizes to take action to reduce their risk,” said Celyeste Power, executive vice president for strategic initiatives and advocacy at IBC. “Educating employees to be cyber savvy is a critical element of good cyber hygiene.”
IBC has recently launched a number of resources to increase cyber security education and awareness, including an online information portal and a cyber security quiz that allows Canadians to test their knowledge of breaches and attacks.
The cyber-savvy portal has seen over 628,218 visits as of October 31. Among the visitors that took the quiz, only 14% were able to score a passing grade, which IBC said underscores the need for greater cyber awareness efforts.
IBC is also sponsoring the cyber education efforts of the Canadian Federation of Independent Business (CFIB), particularly through the financial support of CFIB's business advisor helpline, where advisors answer basic questions on cyber security or refer callers to trusted, third-party resources. IBC's funding has likewise expanded access to CFIB's helpline to all small business owners in Canada.
Moreover, the IBC has its own business insurance helpline, which provides businesses and organizations access to free risk management services, including information about cyber insurance.