Okta’s research reveals that while cyberattacks are top of mind for Canadian SMBs, many lack the resources and awareness to mitigate financial and human damages.
Every year, billions of dollars are lost in Canada to cyberattacks, but new research shows that nearly one third (32 per cent) of Canadian small and medium-sized businesses (SMBs) that have been hit with a cyberattack aren’t even aware of the financial impact.* A new study* from Okta, Inc.the leading independent Identity provider, found that SMBs operate within an unfamiliar and unpredictable landscape facing far-reaching impacts on their business.
Also Read: Uptime Continues Expansion with Key North American Hire
This lack of awareness reveals a significant vulnerability, as many SMBs don’t recognize the financial consequences of cyberattacks until they face them. Just over half (58 per cent) are willing to invest in cybersecurity measures after experiencing an attack, highlighting that SMBs end up paying the price in the aftermath. About one-in-five SMBs (16 per cent) invest over $200,000 in cybersecurity measures following an attack.
“Many SMBs rely on identity via their email providers, assuming these gaps won’t be exploited. In reality, cybercriminals are targeting these weaknesses,” said Dan Kagan, SVP and Country Manager at Okta Canada. “As AI-powered attacks become more sophisticated, SMBs must strengthen their identity protections to safeguard operations and, most importantly, customer trust.”
The stressful reality of cyberattacks
While the financial losses for Canadian SMBs due to cyberattacks are significant, the toll extends far beyond dollars. According to Okta’s research, close to 60 per cent of Canadian SMB owners rank cyberattacks as a top concern – second only to inflation and high interest rates. And nearly a third (30 per cent) of small business owners who have experienced a cyberattack, report a negative impact on their mental well-being.
The mental toll also trickles down through organizations, with close to half (47 per cent) of SMBs worried about the impact on their employees’ mental health. Smaller companies, with limited staff and stretched resources, find it even harder to rebuild trust and morale after a security breach, with over 20 per cent citing a direct impact on employee morale.
“The impacts of a cyberattack on small and medium-sized businesses in Canada are wide-reaching, encompassing not only financial but also psychological and operational repercussions that can disrupt businesses and their workforces for months,” said Kagan. “Today’s business owners need a proactive and holistic approach to cybersecurity that can scale with their operational and budget needs, and as leaders, it’s essential to not only ensure robust security measures but also to empower their teams with clarity and confidence.”
Also Read: CIO Influence Interview with Donald Fischer, Co-founder and CEO, Tidelift
Basic security tools leave SMBs exposed in today’s sophisticated threat landscape
An overwhelming majority – over 75 per cent – of Canadian SMBs rely primarily on basic security measures like antivirus software, which are no longer sufficient against increasingly complex attacks. More advanced solutions, such as identity management (38 per cent) and biometrics (21 per cent), remain underutilized, leaving many businesses exposed.
The survey also found that a more layered approach to security leads to higher confidence. SMBs using tools like identity management and biometrics in addition to multi-factor authentication and antivirus solutions report higher confidence (75 per cent) in their ability to detect cyberattacks compared to those that only use multi-factor authentication and antivirus solutions (64 per cent).
It’s time to focus on security culture
While many SMBs worry about team stress from attacks, fewer provide adequate cybersecurity training. The survey found that the majority of Canadian SMBs (70 per cent) are confident that employees understand their company’s cybersecurity compliance measures, yet fewer provide employee training on cybersecurity best practices — with 47 per cent in Canada doing so. This gap between confidence and action reveals a cultural oversight that can leave businesses vulnerable, even with the right technology in place.
Fostering a strong security culture is essential for protecting SMBs from cyberattacks, as it not only empowers employees with the tools to recognize threats but also builds a collective responsibility toward maintaining security. Given the significant risks facing today’s businesses, addressing these challenges requires more than just technology. It demands a multifaceted approach that includes tools, resources, and a strong security culture.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
