Half of Canadian SMBs say keeping on top of cybersecurity threats is their biggest challenge

More than two-thirds (67%) of Canadian SMBs think cybersecurity is a major concern for their business, with one-third (29%) experiencing more than one incident in the last year


TORONTO, Oct. 12, 2023 (GLOBE NEWSWIRE) -- Sage, the leader in accounting, financial, HR and payroll technology for small and mid-sized businesses (SMBs), today releases a new report, Cybersecurity for SMBs: Navigating Complexity and Building Resilience.

Sage has conducted a global research study across eight countries, including Canada, to understand SMBs’ perceptions on cybersecurity and the key hurdles organizations are facing in this space. Through the study, Sage aims to demystify cybersecurity and transform mitigating cybersecurity threats from a daunting task into an empowering business rigour that can help SMBs focus on productivity and staying resilient in the face of business challenges.

The global report reveals that keeping on top of new threats is the biggest cybersecurity challenge facing SMBs today, followed by ensuring employees understand cybersecurity expectations, educating staff about cybersecurity and thinking about the investment required. For Canadian SMBs, staying ahead of new threats is their biggest cybersecurity challenge (51%), in addition to the cost (41%), and educating staff about cybersecurity and knowing what cybersecurity they need in place for their organization (40%).

Additionally, the research finds:

  • Globally, 1 in 4 (25%) of SMBs have experienced more than one cybersecurity incident in the past year, with nearly a third (29%) of Canadian SMBs experiencing more than one cybersecurity incident in the same period.
  • The top 5 types of cyber breaches impacting Canadian SMBs include data loss (20%), Distributed Denial-of-Service (DDoS) attacks (19%), stolen laptops (18%), ransomware attacks (16%) and credential theft (14%).
  • Despite 63% of Canadian SMBs saying cybersecurity is a part of their culture, less than half of Canadian SMBs (46%) plan to increase their investment in cybersecurity, with 10% planning to decrease spending in this area.
  • Only a third of Canadian SMBs (35%) regularly discuss cybersecurity in their organization. Interestingly, almost 1 in 10 micro-businesses (8%) in Canada do not know what to do in the event of a cybersecurity incident.
  • Despite cyber threats being a major threat to more than two-thirds of Canadian SMBs, only 39% have security education and training in place for employees, and less than half (45%) of SMB employees would contact their IT department immediately following a cybersecurity incident.

Ben Aung, EVP Chief Risk Officer, Sage, said: “Navigating the fast-paced world of cybersecurity can be overwhelming for SMBs, who often lack dedicated IT expertise. While our research highlights their genuine concern for cybersecurity, they seek guidance to comprehend and mitigate risks beyond the misconception of it merely relying on firewalls and tools. At Sage, our commitment is to make cybersecurity accessible, fostering confidence through knowledge, resources, and a human-centric approach, empowering SMBs to strengthen their cybersecurity culture even with limited budgets.”

With cyber threats multiplying every day, knowing where to start and what is important, while overcoming barriers such as cost, is critical for SMBs who want to bolster their cyber resilience.

Aaron de Vries, Vice President, Fully Managed, TELUS, said: “Cyber crime is a real threat, especially to small and medium businesses. Their digital presence can turn into a potential weak link within the supply chain and expose the business, its partners and, most importantly, its customers. At the same time, thinking ahead when it comes to cybersecurity presents a unique opportunity to carve out a competitive edge - enhancing an organization’s reputation and building trust with customers. By providing cybersecurity services, we are helping more and more business owners to proactively protect themselves.”

Half of Canadian SMBs (50%) are calling on cybersecurity companies to do more to educate and provide support, with another nearly half (47%) believing it is the government’s responsibility and a further 41% saying the onus should be on trusted tech partners to help guide them.

Michael Cheong, Chief Financial & Operating Officer (CFOO), United Way of Greater Toronto, said: “In today's digital world, cybersecurity hurdles are a constant reality for organizations like ours. We face data breaches, phishing attempts, ransomware attacks, etc. – it's a maze out there. As a nonprofit, juggling protection and growth is a real challenge. The cyberworld is a puzzle we can't afford to ignore. Safeguarding while advancing is the name of the game, and finding solutions that fit our size and scale is a must. In this journey, a helping hand from technology companies and government support for nonprofit organizations are crucial. With their help, we can navigate this complex landscape with more confidence and resilience.”

The new Sage report – Cybersecurity for SMBs: Navigating Complexity and Building Resilience can be accessed here.

For guidance on how to navigate cybersecurity for your business, visit the Sage Trust and Security Hub.

Media Contact

Monique Daniel
Sage
monique.daniel@sage.com
(905) 781-0758

About Sage 
Sage exists to knock down barriers so everyone can thrive, starting with the millions of Small and Mid-Sized Businesses served by us, our partners and accountants. Customers trust our finance, HR and payroll software to make work and money flow. By digitising business processes and relationships with customers, suppliers, employees, banks and governments, our digital network connects SMBs, removing friction and delivering insights. Knocking down barriers also means we use our time, technology and experience to tackle digital inequality, economic inequality and the climate crisis.

Methodology

Sage’s research was conducted by independent market research company, Danebury Research, between 4th April and 15th April, 2023, via 2,100 online interviews with decision makers in SMBs with up to 499 employees.

In Canada, 500 interviews were conducted with decision makers in the tech industry whose company resells tech and IT supplies/services.

The 2,100 interviews were split across nine markets. These were: UK (500), U.S. (500), France (100), Germany (100), Portugal (100), Spain (100), South Africa (100), Canada (500) and Australia (100). In addition to presenting global, overarching trends, the results were broken down into individual market tables and regional samples.

Notes to Editors

Key findings – Global research
48% of SMBs have experienced a cybersecurity incident in the past year 
91% expect cybersecurity investments to increase or remain the same in the coming year
69% of SMBs say cybersecurity is part of their culture, but most only discuss when something changes or goes wrong internally
51% say keeping on top of new threats is their biggest challenge 
19% of SMBs rely solely on basic controls
58% of SMBs backup their data
80% of SMBs have a process in place to manage cybersecurity risks of remote workers
25% of those with a process in place acknowledge that not all adhere to it
52% want more support with cybersecurity education and training
44% say economic uncertainty/cost of living has reduced cybersecurity budgets
64% of SMBs of SMBs use cyber insurance – 74% plan to use it next year

Cybersecurity challenges
45% - Ensuring employees understand what is expected of them 
44% - Educating employees about cyber security 
43% - Understanding what security is needed