Canadian business may need a wake-up call on cybercrime

Cybercrime is a growing threat for global businesses but less than half see it as a major risk, a surprisingly low number given the financial damage it can cause, a new report warns.

Canadian businesses appear particularly unconcerned about cybercrime, which includes threats from hackers and organized criminals, according to consulting firm EY’s latest Global Fraud Survey.

It says 49 per cent of respondents worldwide see cybercrime as a high risk to their business. Broken down; 17 per cent see it as a “very low risk,” 31 per cent a “fairly low risk,” 30 per cent “fairly high risk,” and 19 per cent see it as a “very high risk.”

Cybercrime cost Canadian business US$3 billion in 2013, more than double the reported cost in the previous year, according to a recent Norton report.

“Cyber attacks are now a fact of life for business, posing a dynamic, relentless menace for leading companies. The threat is growing, and our survey suggests organizations may not be keeping pace,” says the report.

In Canada, less than 35 per cent of companies see the risk as high, a similar level as those in the Netherlands and Singapore, which the report says is “unexpectedly low.” That compares to 72 per cent of businesses in Japan and 70 per cent in the U.S. who see the risk of cybercrime as high.

Cybercrime continues to make headlines, including the recent high-profile incident reported by U.S. retailer Target Corp. In December, Target revealed that personal credit card data from millions of its customers was stolen by hackers who targeted credit card terminals in its stores. The company later said that fourth-quarter profit fell due in part to the breach. Not only were there costs to fix the problem, but the incident also scared off customers.

Online auction giant eBay said last month that it had been hacked and urged members to change their passwords. Evernote said Wednesday it had also been hacked, interrupting service and confusing users. Similarly, Tweetdeck, a popular service that streamlines tweets, was shutdown Wednesday after a security breach.

The EY report highlights research from the Economist Intelligence Unit saying a third of businesses surveyed have seen an increased in cybercrime over the past year. It says that 74 per cent of companies that had been breached didn’t make a public disclosure, despite growing pressure from regulators.

"Companies need to have a robust incident response strategy in place, or risk significant reputational — and financial — damage,” stated Mike Savage, EY’s Canadian fraud investigation and dispute services leader. “They can't afford to 'play it by ear' when an incident arises."

Fraud warning

The report also cautions companies about fraud in general. It says 20 per cent of Canadian executives believe bribery or corrupt practices happen widely in business in this country.

"That's disturbingly high,” says Savage. "Corruption interferes with fair competition for business. To overcome that, companies really need to create a culture where ethical behaviour is at the core of their operations – not just at home in Canada, but also at their overseas operations.”

The survey says 74 per cent of Canadian companies have whistleblowing hotlines in place, but that’s behind the U.S. where 96 per cent of companies reported have such systems, and 82 per cent in the U.K.

Still, the report notes there’s growing awareness about bribery and corruption in Canada.

It says 90 per cent of Canadian respondents report having clear penalties for breaking the anti-bribery/anti-corruption policies, up from 78 per cent from when the last survey was done two years ago.

The survey was conducted by Ipsos for EY and included interviews with 2,710 decision makers at companies in 59 countries between November 2013 and February 2014.