Contact Us


DataStealth Blog

Canadian Companies Have Strong Cyber Security Protocols In Place, But Lag in Testing Their Effectiveness

By Security Features • October 5, 2021

KPMG's 2021 Cyber Security Poll recently surveyed business owners or decision-makers at primarily medium-sized businesses and 1,000 Canadians ahead of Cyber Security Awareness Month for their views on how well companies can defend themselves from the growing threat of cyberattacks and address consumer expectations.

The poll research revealed that few companies integrate cyber security into their governance and management processes and are adequately prepared to ward off a cyberattack. Only 38 percent say cyber security is "deeply embedded" into all aspects of their business, and only 39 percent are "very confident" in their ability to detect and respond to an attack.

"While many businesses have access to many of the cyber security tools they need, it is critical that they integrate them into their operations at every level, as an attack can come from anywhere," says Hartaj Nijjar, Partner, Cyber Security, KPMG in Canada. "If you don't have the right security controls embedded by design, you'll be more exposed."

"With cybercrime intensifying, Canadian businesses need to make this a priority to protect not only their own data but that of their customers. Consumers are paying much closer attention to the risks and are holding companies to account for protecting their data. Our poll research shows that companies could be doing more to improve their cyber security culture."

Key Survey Highlights:

  • 94 percent of small- and medium-sized businesses say they monitor their environments for potential cyberattacks

  • Just 39 percent say they are "very confident" in their ability to detect and respond to a cyberattack, and 59 percent are "somewhat confident". The remaining two percent are "not confident at all"

  • 56 percent have developed comprehensive playbooks and run through cyber simulations regularly, while 44 percent have not or do not do this

  • Only two in five (38 percent) say cyber security is "deeply embedded" into all aspects of their business. These companies integrate cyber security into all aspects of their governance and management processes, and they have a cyber security leader who plays a key role in their company

  • 56 percent said cyber security is "somewhat embedded" into all aspects of their business, that is, it's weaved into some of their governance and management processes but not all of them

  • Nearly half (48 percent) plan to increase their cyber security budgets by up to 20 percent in the next 12 months, while one-third plan to increase cyber spending by less than five percent over the coming year.

The poll also finds that while two-thirds of SMEs have IT staff partially or fully devoted to cyber prevention, slightly more than half (51 percent) also partially outsource or co-source their cyber security functions. Nearly a quarter (23 percent) fully outsource through qualified managed service providers.

Canadians Worry About Cyberattacks

Canadian consumers, meanwhile, remain highly concerned about cyberbreaches. Ninety-three percent "are concerned or leery" about sharing their personal or financial information with any organization that's had a cyberattack or data breach, up from 90 per cent last year. And nearly eight in 10 (78 percent) worry about their personal data being stolen in a cyberattack on their financial institutions, retailers, wireless/internet providers and governments.

Other key consumer highlights

  • 89 percent say they are extra careful when they shop online because they're afraid of their information being hacked or stolen

  • Less than half (46 percent) are concerned about their personal data being stolen in a cyberattack on their employer

  • 58 percent say they no longer trust the government to keep their personal information safe

  • 52 percent of Canadians support the use of digital authentication measures such as biometric scans (fingerprint, voice, iris scan) to access government or business services if it provides more security over their personal data

About the KPMG 2021 Cyber security Poll

KPMG used Methodify, Delvinia's online research platform, to survey 1,001 Canadians and 253 small- and medium-sized businesses between September 1-13. Thirty-seven percent of companies had revenues between $10 million and $49.9 million, 25 percent had revenues between $50 million and $99.9 million and 38 percent had revenues of $100 million or more.

About KPMG in Canada

KPMG LLP, a limited liability partnership, is a full-service Audit, Tax and Advisory firm owned and operated by Canadians. For over 150 years, our professionals have provided consulting, accounting, auditing, and tax services to Canadians, inspiring confidence, empowering change, and driving innovation. Guided by our core values of Integrity, Excellence, Courage, Together, For Better, KPMG employs nearly 8,000 people in over 40 locations across Canada, serving private- and public-sector clients. KPMG is consistently ranked one of Canada's top employers and one of the best places to work in the country

The firm is established under the laws of Ontario and is a member of KPMG's global organization of independent member firms affiliated with KPMG International, a private English company limited by guarantee. Each KPMG firm is a legally distinct and separate entity and describes itself as such. For more information, see