Only 34% of small and medium-sized business employees report receiving mandatory cyber security awareness training

 New IBC report card shows there is room for improvement in cyber security awareness

TORONTO, Sept. 22, 2022 /CNW/ – New Insurance Bureau of Canada (IBC) research has found that small and medium-sized Canadian businesses have been slow to adapt to increasingly frequent and sophisticated cyber attacks. The results are featured in IBC’s first Cyber Savvy Report Card, which assigned Canadians a “C” letter-grade for cyber safety actions and knowledge.

IBC’s report card is informed by the results of a survey of 1,525 Canadians that work at small and medium-sized businesses (defined as businesses with fewer than 500 employees). The survey revealed a number of startling findings:

  • Two-in-five of employees surveyed (42%) say they have seen an increase in cyber scam attempts over the last year.
  • Only a third of surveyed employees (34%) report that their company provides mandatory cyber security awareness training.
  • Only half (50%) of employees surveyed report that their organization has introduced multi-factor authentication, a critical cyber security defence mechanism that requires a user to provide two or more verification factors to access a corporate network or application.
  • Only a quarter of employees surveyed (24%) report that their employer conducts phishing email simulations to help promote cyber vigilance.

“As cyber criminals get savvier, it’s our collective responsibility to stay one step ahead,” said Celyeste Power, Executive Vice-President, Strategic Initiatives and Advocacy, IBC. “That’s why IBC has launched, a new cyber education initiative to help small business owners and their employees better understand the threat of cyber attacks and what they can do to reduce their risk.”

Employees’ actions increase their company’s cyber security risk

IBC’s survey also revealed that 7 in 10 employees of small and medium-sized businesses (72%) reported at least one behaviour that could allow a cyber criminal to gain access to their company’s computer systems. This strengthens the argument for more employers to take action to reduce cyber threats. According to survey respondents:

  • 27% use one password to access multiple websites they use for work;
  • 23% access public…