Earlier this year, retailer Indigo Books & Music took a major digital blow: the iconic Canadian giant’s e-commerce website was abruptly shut down due to a “cybersecurity incident.”
It was hardly the only recent cyber security issue in Canada. Cyberattacks increased globally by 38% from 2021 to 2022, according to data from Check Point Research. Canada’s digital security force is severely understaffed, with 25,000 cybersecurity jobs currently unfilled in the country.
Our system shows the strain. According to recent data from IBM, the average data breach costs a company $7 million—more than most countries in the world.
And which sectors are hit the hardest? Not surprisingly, we find that Financial and Technology rank first and third for the highest average cost of a data breach (at $12 million and $9 million respectively).
There is currently tremendous pressure on fintechs—wielding limited resources—to secure valuable private data from cyber threats. When an attack lands, it can be devastating.
Moreover, many companies are passing on the cost of damage to consumers. IBM found a majority of firms increase the price of their products or services to financially recover from a cyber attack while only half boost their security budgets in response to a hit.
“Most companies are passing the cost on to consumers,” the report warns, “when they should be improving security.”
But what can fintechs do to boost defence when one in six cybersecurity positions in Canada go unfilled?
IBM’s 2023 “Cost of a Data Breach Report” suggests that training employees to have cyber-security skills can “significantly reduce the total cost of a breach.” It is ranked as the most impactful solution to implement.
This up-skilling approach is becoming increasingly common across Canada to address shortfalls in-house. This method and others are being adopted in various ways throughout the country to tackle the nation’s cybersecurity concerns.
IBM also recommends adopting AI-based cybersecurity tools.
The report further warns that some tactics will increase a firm’s vulnerability to attacks. This includes having a predominantly remote workforce, migrating key data or operations to the cloud, and involving more third parties in processes than necessary.