There’s no doubt that 2023 will be remembered as the year that inexpensive, easy-to-use AI tools came into their own—and CIRA’s 2023 survey results reflect it. The novel threats posed by generative AI are top of mind, with most organizations (68 per cent) expressing concern about their potential impact. Despite these concerns, few organizations are taking pre-emptive steps against this new category of threat, with only about a third (32 per cent) of cybersecurity experts reporting having an AI policy to protect and educate their teams.
The survey findings also shed new light on the recovery costs following a cyber attack, which have reached unprecedented heights. Notably, of the 23 per cent of organizations that were victimized by a ransomware attack in the past 12 months, 70 per cent paid the attackers’ ransom demands.
In addition to paying these exorbitant ransoms, nearly three in 10 organizations (29 per cent) reported experiencing a loss of revenue as a result of a cyber attack—nearly double the 2022 figure of 17 per cent—while one quarter (24 per cent) said they had suffered reputational damage. Organizations also reported taking a significant productivity hit following an attack as they tried to get back on track.
While every organization is vulnerable to the impacts of cyber crime, the data shows those in the MUSH (Municipal, University, School and Hospital) sector are at the greatest risk of falling prey to malicious actors. These organizations are a persistent target because they hold large amounts of valuable personal data and deliver essential services to the public. Almost two-thirds (64 per cent) of MUSH organizations have used their cyber incident response plan in the last 12 months.
The majority of Canadian organizations are putting measures in place to protect themselves, with almost three-quarters (73 per cent) indicating that the financial resources allocated to IT system management and cybersecurity have increased in the past year. But overall, the 2023 CIRA Cybersecurity Survey finds them still ill-prepared to handle the potentially devastating consequences of a major attack.
Over the coming weeks, we will be breaking down the survey results in a series of blog posts (which you can find in this section below), each covering a key finding in greater detail. Through our data, Canadian and global cybersecurity professionals will gain valuable insights to better understand Canada’s threat landscape.