The cost to Canadian companies from malware and people-based cyberattacks, such as phishing and social engineering, was an average of US$9.25 million in 2018, according to new research by Accenture and the Ponemon Institute.

Accenture’s 2019 Cost of Cybercrime Study was based on interviews with more than 2,600 security and information technology (IT) professionals at 355 organizations worldwide, including 179 senior leaders from 25 companies in Canada.

Ahmed Etman

Ahmed Etman

“As business innovation propels forward, so too does the expanding threat landscape, leading to an increase in cyberattacks,” said Ahmed Etman, managing director of security at Accenture Canada, in a news release.

“Canadian organizations must prioritize protecting people, take a data-centric approach to security to limit information loss and business disruption, and implement AI technology and analytics to reduce the rising cost of attacks.”

Globally, the report said the cost to companies due to malware increased 11 per cent to more than US$2.6 million per company, on average, and the cost due to malicious insiders — defined as employees, temporary staff, contractors and business partners — jumped 15 per cent, to US$1.6 million per organization, on average.

“From a global perspective, together these two types of cyberattacks accounted for one-third of the total US$13 million cost to companies, on average, from cybercrime in 2018, an increase of US$1.3 million in the past year. Similarly, the cost to companies from phishing and from social engineering increased to US$1.4 million per organization, on average,” said the report.

Notable study findings specific to Canada include:

  • In 2018, surveyed companies (25 Canadian companies) recorded an average of 75 cyberattacks, which translates to almost 1.5 attacks per week.
  • The business consequences of increasingly sophisticated cyberattacks are expensive. In 2018, the cost of business disruption was US$2.96 million, and US$3.8 million in information loss.
  • 81 per cent of business leaders say new business models introduce technology vulnerabilities faster than they can be secured.
  • Malicious insiders and malicious code are the most expensive type of attacks, costing companies on average US$3.3 million. These attacks also take the longest to resolve – twice as long as ransomware and phishing and social engineering attacks.
  • Automation, AI and machine-learning technologies provide the highest cost savings when fully deployed.

“Increased awareness of people-based threats and adopting breakthrough security technologies are the best way to protect against the range of cyber risks,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

– Mario Toneguzzi


The views, opinions and positions expressed by columnists and contributors are the author’s alone. They do not inherently or expressly reflect the views, opinions and/or positions of our publication.