CIRA publishes an annual survey of Canadian IT security decision-makers to better understand how they are coping with cyber threats. This year’s survey, conducted by research firm The Strategic Counsel in August, collected over 500 responses from IT professionals across the country. This is the second blog post in a series of four for 2023.
Canadian organizations in virtually every sector continue to fall prey to cybercriminals with alarming frequency. In recent months, the likes of Suncor Energy, Indigo, The Weather Network and Sick Kids have all been the victims of devastating and costly cyber attacks. And those are just the headline grabbers. Data from the 2023 CIRA Cybersecurity Survey found that four in ten organizations (41 per cent) have experienced a cyber attack in the last 12 months.
If cybersecurity professionals are understandably worried about their ability to step up their defences to protect their organizations, they’re equally concerned about the rising costs associated with recovery. For organizations unlucky enough to be victims of a successful attack, one thing is crystal clear: recovering from a cyber incident is enormously costly.
Paying off hackers after a ransomware attack is one of the most obvious costs victims find themselves on the hook for. These types of attacks are now commonplace in Canada and will continue to grow with the widespread availability of fee-based “ransomware-as-a-service” schemes , which enable low-skill hackers to launch attacks with the click of a button.
In this year’s survey, just under a quarter of organizations (23 per cent) say they experienced a ransomware attack in the last 12 months. Of these, the majority (70 per cent) agreed to pay the ransom. Overall, organizations that paid a ransom typically paid at least $25,000, while nearly one quarter (22 per cent) paid their attackers between $50,000 and $100,000.
In some cases, paying the initial ransom still isn’t enough to get started on the road to recovery. With a so-called double-extortion attack, the victim pays not one ransom, but two: one to regain access to their data and a second to prevent the attacker from exposing that data on the dark web.