- Introduction
NetDiligence® has released its 2024 Cyber Claims Study, analyzing over 10,000 claims from cyber incidents occurring between 2019 and 2023. This study provides invaluable insights into the ever-evolving cyber risk landscape and its impacts on Canadian small and medium enterprises (SMEs). As cyber threats continue to grow in number and sophistication, it is crucial for SMEs to understand these risks and implement effective cybersecurity and risk management strategies.
II. Key Findings Relevant to Canadian SMEs
Incident Costs and Payouts
The data underscores the significant financial toll cyber incidents can have on Canadian SMEs. The average five‐year total incident cost stood at about $782.56K CAD per incident, with the highest reaching $20.1M CAD. Although incident frequency generally rose year over year, 2023 saw a marked decrease, hinting that broader implementation of cybersecurity measures is helping reduce the overall cost of claims.
B. Causes of Loss
The study identified six main causes of loss for Canadian SMEs and their estimated average incident costs :
- Ransomware : 45.79% of all claims, with an average incident cost of approximately $1.34M CAD.
- Business Email Compromise (BEC) : 22.43% of all claims, with an average incident cost of approximately $201K CAD.
- Hacker : 14.02% of all claims, with an average incident cost of approximately $151K CAD.
- Staff Mistake : 7.48% of all claims, with an average incident cost of approximately $38.86K CAD.
- Malware/Virus : 5.61% of all claims, with an average incident cost of approximately $714.22K CAD.
- Wire Transfer Fraud : 4.67% of all claims, with an average incident cost of approximately $58.96K CAD.
C. Sector-Specific Findings
Although Canada-only data was limited, the study highlighted five sectors especially prone to cyber incidents over the past five years, collectively accounting for 52% of claims and 59% of total incident costs :
- Professional Services : 20% of all claims, with an average incident cost of approximately $246.56K CAD (with a notable spike in 2023 approaching $415.4K CAD).
- Healthcare : 11% of all claims, with an average incident cost of approximately $349.74K CAD.
- Manufacturing : 9% of all claims, with an average incident cost of approximately $335K CAD.
- Financial Services : 7% of all claims, with an average incident cost of approximately $277.38K CAD (with a notable spike in 2023 approaching $419.42K CAD).
- Retail : 6% of all claims, with an average incident cost of approximately $300.16K CAD.
Their exact rankings may vary from year to year, but these five sectors have consistently appeared among the most impacted. These five sectors together represented 52% of all claims and 59% of the total incident costs among SMEs.
III. What can be done?
Despite the alarming statistics, Canadian SMEs can take several concrete steps to reduce risk and better manage potential incidents :
- Security Assessments : Conducting comprehensive cybersecurity assessments to identify vulnerabilities and implement necessary controls.
- Incident Response Planning : Developing and regularly updating incident response plans to ensure swift and effective action in the event of a cyber incident.
- Employee Training : Providing ongoing training to employees on cybersecurity best practices and the latest threat vectors, particularly focusing on social engineering and phishing attacks.
- Insurance Coverage : Obtaining sufficient and appropriate cyber insurance coverage and understanding policy terms, exclusions and limits to ensure comprehensive protection.
If you’d like professional guidance on bolstering your cybersecurity posture, contact our team. We can help improve your company’s risk management approach—ensuring you’re prepared for whatever challenges lie ahead.
By : Me Alexandra Kallos and student Louisa Kouretas