FACTS
- Phishing Attacks: Employees clicking on fraudulent emails or links can give hackers access to sensitive company data and systems.
- Weak Password Practices: Using simple, repeated, or shared passwords increases the risk of unauthorized access to work accounts and systems.
- Unsecured Devices: Laptops, smartphones, or USBs without proper encryption or antivirus expose the network to malware and data theft.
- Outdated Software: Failure to update or patch systems leaves known vulnerabilities that can be exploited by cybercriminals.
- Lack of Training: Employees unaware of digital hygiene or scam recognition are more likely to fall victim to cyber threats.
- Remote Work Vulnerabilities: Home networks and personal devices often lack the same protections as on-site systems, increasing exposure.
- Insider Threats: Disgruntled or negligent employees may intentionally or accidentally compromise security systems or leak confidential data.
STATS
- In Canada, 44% of organizations reported experiencing a cyber attack (attempted or successful) in the last 12 months as of 2024.
- In the US, there were 2,741 publicly disclosed data breaches between November 2023 and April 2024, compromising over 6.8 billion records.
- Business email compromise (BEC) incidents in Canada surged from 15% of total cyber incidents in 2023 to 32% in 2024.
- The industry-wide Phish-prone Percentage stands at 33.1%, meaning one-third of employees are susceptible to phishing and social engineering attacks (2025 benchmark).
- 44% of survey participants in a 2025 study admitted to interacting with a phishing message in the last year.
- Only 34% of small and medium-sized business employees in Canada report receiving mandatory cybersecurity awareness training.
- Statistics Canada reported that cybersecurity incidents affected 18% of Canadian businesses in 2021, with over half experiencing downtime or recovery costs.