Canada ranks third in the world for average data breach costs, according to analysis of IBM data, and insurance brokers have been left unsurprised by its high placement.
The average cost of a data breach in the country was US$5.4 million (CA$7.3 million) in 2021, representing a 20% increase of $900,000 on 2020, according to IBM and Proxyrack.
Ahead of Canada were the US (US$9.05 million) and the Middle East (US$6.93 million), according to a ranking by Proxyrack.
“The high ranking comes as no surprise, as we have found that Canadian businesses and individuals have been taking a more reactive approach, as opposed to being proactive,” said Michael Molloy, executive risk solutions specialist at the Lawrie Insurance Group, part of Canadian Broker Network.
Ransomware, a global threat, has caused difficulties for Canadian insureds.
“We can validate that the cost of data breaches has gone up exponentially here in Canada over the last couple of years, with specifically ransomware causing a big challenge for insurers. Canadian companies have not yet fully adopted proactive, robust cybersecurity defences – many think it won’t happen, or will happen to somebody else, or only to bigger companies,” Molloy said.
“When in fact, we’ve seen many small businesses being targets - only to realize too late that they need to take cybersecurity and cyber insurance seriously.”
There are multiple elements that Canadian businesses need to be aware of when considering cyber risk, according to brokers.
“It appears that the increased costs in general for cyber breaches can be attributed to several factors, including remote working, businesses’ cyber security protocols and size of the breaches, industry segment, and more,” said Hillaine McCaffrey, cyber broker at Acera Insurance (formerly Rogers Insurance).
“There is a correlation between remote working and the cost of a data breach as there are many more endpoints that need to be managed and the IT forensics and breach containment can therefore take much longer.”
Canada has seen hybrid working arrangements continue to trend upwards in 2022. In November, 9.4% of staff worked both at home and another location, according to StatCan data. As of May, just under one in five Canadians (19.4%) said they worked “exclusively from home”.
Globally, organizations with more than 60% of staff working remotely have seen average data breach costs that were higher than the overall average, according to IBM. For organizations with 81% to 100% of employees in remote roles, the average cost was US$5.54 million, or US$1.3 million more than the average for all firms.
“The longer a breach takes to resolves, the higher the costs will be”, McCaffrey said.
“With a remote workforce, cyber security hygiene may also be more difficult to manage, as employees could be using unsecured networks or not practicing proper security protocols”
Cyber security protocols and data breach costs may also be linked, with businesses that have less mature cyber security systems and plans at risk of having losses “amplified”.
“Canada’s status on the ranking could very well be attributed to these factors as Canadian businesses work towards increasing their cyber security maturity, as Canada has been lagging a bit behind the trend when compared with some other countries,” McCaffrey said.
With Canadian organizations continuing to face up to the cyber threat, brokers expect that cyber insurance will continue to be in hot demand.
“G7 countries with advanced legal remedies pursuable on a contingency basis, shored up by consumer protecting regulations in multiple internal territories, take spot one and three – it is not surprising that Canada is there,” said Brooke Hunter, president and CEO of Hunters International Insurance.
“Cyber insurance will continue to be in demand in such environments and more importantly, so will sophisticated, robust cyber risk management services to serve such developed markets.”
The top 10 most commonly targeted regions by data breaches, according to Proxyrack, were:
Canada is the seventh most commonly targeted region for data breaches, according to analysis of IBM and Surfshark data by Proxyrack.
The country has seen more than 4.8 million breaches per one million people, Proxyrack said. Total data breaches in Canada now sit at 187.1 million, according to Surfshark data.
The top three most commonly targeted regions include the US (7.2 million per one million people), France (6.5 million per one million people), and South Sudan (6.2 million breaches per one million people), Proxyrack said.
The US alone has seen 2.5 billion breached accounts. France has witnessed 461 million, while South Sudan totalled 67.5 million.