Cyberattacks are up 9% over the past year, spurring Canadian business leaders to rank cybersecurity as the top threat to growth, according to KPMG’s latest Private Enterprise survey.
“The rapid escalation in both the frequency and complexity of cyberattacks has Canadian business leaders identifying it as the greatest threat to their company’s growth objectives,” says Hartaj Nijjar, partner and national leader of KPMG in Canada’s cybersecurity practice.
One significantly impacting factor is a gap between the demand and supply of cybersecurity professionals in Canada.
The KPMG report found that 70% of small- and medium-sized businesses in Canada lack the skilled personnel to implement cybersecurity defences and monitor for attacks, a figure that is up from last year.
“Part of the problem is they don’t have the expertise to implement cybersecurity defences or monitor for attacks,” Nijjar said. “The first line of defence is good cyber hygiene, and that means your employees must always be on high alert.”
While some firms cite a lack of financial resources, Nijjar is quick to point out that “investing more up front for cybersecurity defences is less costly in the long run.”
There are enough recent local examples of this being the case.
To illustrate, the Canada Revenue Agency paid out millions of dollars in false refunds to cyber scammers over multiple years due to “gaping flaws in the agency’s ability to detect fraud.” The CRA admitted it was hit with more than 31,000 privacy breaches from 2020 to 2023, impacting 62,000 individual Canadian taxpayers.
And it’s not just Canada’s tax agency that is paying a high toll for lack of sufficient cyber defences. From London Drugs to Indigo, well-known Canadian brands continue to suffer from cyber assault.
Being the victim of such an attack is no trivial affair, either, with IBM discovering that the average data breach costs a Canadian company more than $6 million.
With roughly 25,000 empty positions to fill, Canada’s cybersecurity sector remains well shy of filling the void. Even so, many entities across Canada are doing what they can do combat the talent dearth.
In September, for example, the Government of British Columbia announced the continuation of a partnership with NPower Canada, Microsoft Canada, and CIBC to expand the Canadian Tech Talent Accelerator program, a collaboration enabled by Canada’s Global Innovation Cluster for digital technologies, DIGITAL.
Another example is Check Point’s expansion of the SecureAcademy Program in Canada to provide students with cybersecurity skills. Operating across universities and colleges, SecureAcademy delivers a curriculum that encompasses topics such as threat prevention, network security, and cloud and mobile security, mobile security.
Other organizations helping to fuel the cybersecurity talent pipeline in Canada include BC-born Lighthouse Labs, which runs the Cybersecurity Bootcamp Program since 2021, as well as universities like uOttawa and international giants such as Google.
There’s also the Catalyst Cyber Accelerator at Toronto Metropolitan University, plus CyberSci, which runs a series of regional cyber challenge events in major cities across Canada each year.