Some employers, staff fall short on cyber safety: Survey

January 13, 2023

As cyber threats increase and criminals become more sophisticated, how prepared are some Canadian businesses and their employees to protect themselves?

Not very.

According to new research by the Insurance Bureau of Canada’s Cyber Savvy Report Card, there is lots of room for improvement among Canadian employees at small and medium-sized businesses (SMB) and their employers.

The report, which was based on a survey of 1,525 SMB employees across Canada, gave them a “C” grade for cyber safety awareness and actions.

Here are some of the findings:

  • 72% of respondents reported at least one behaviour that could potentially compromise their employer’s cyber security or data.
  • 30% of surveyed employees don’t believe cybercriminals would target them at work.
  • 28% of respondents say their employer is solely responsible for protecting their workplace from cyber threats.

IBC research found that small and medium-sized Canadian businesses have been slow to adapt to increasingly frequent and sophisticated cyber attacks. Only a third of surveyed employees (34%) report that their company provides mandatory cyber security awareness training.

“United you stand, divided you fall,” Katharine Hall, cyber practice leader at Aon Canada, said recently in a RIMS Canada Conference panel discussion. “Cyber risk management must be led from the top.

“IT, risk management, HR and legal need a coordinated approach to managing risks. It is not just one guy in IT who’s going to manage this for you,” she said.

Data breaches cost $7.3 million

The research also found that 21 per cent of respondents believe that most cyber breaches are minor and easy to resolve, while the reality is that they can have a devastating financial impact. In 2021, the average total cost of a data breach to Canadian organizations was an estimated $7.3 million.

Attitudes toward cyber security also raise concerns. Employees may underestimate the role they play in their organization’s cyber defences – especially since criminals often target them to gain access to their workplace systems and networks.

“Everyone has a role to play in reducing cyber threats in the workplace,” said Celyeste Power, executive vice-president of strategic initiatives and advocacy at IBC in a press release. “While cyber insurance is an important backstop for businesses in the event of a cyber breach, it should be thought of as one component within a complete cyber risk mitigation strategy aimed at reducing an organization’s vulnerability to online threats.”

The IBC survey also revealed the following:

  • Only half of the employees surveyed report that their organization has introduced multi-factor authentication, a critical cyber security defence mechanism that requires a user to provide two or more verification factors to access a corporate network or application.
  • Only a quarter of employees surveyed report that their employer conducts phishing email simulations to help promote cyber vigilance.
  • 27% use one password to access multiple websites they use for work.
  • 23% access public Wi-Fi while using their work computer.
  • 19% download software/apps on their work devices that their employer did not provide.
  • 7% allow family members or friends to use their work computers.
  • 5% share their work login or password by email or text.

Meanwhile, hybrid/remote employees are even more likely (77%) to take actions that may compromise their employer’s cyber security or data - of increasing concern as hybrid work has become the new norm in many sectors.

The IBC recently launched a website that provides resources and information about the proactive measures businesses and employees can take to help reduce their cyber risk. You can also take the cybersavvy challenge to find out how much you know about being cyber-safe.

About the survey: It was conducted from August 17 to 19, 2022, among 1,525 Canadians aged 18 and over who work primarily on a computer or other digital device at an organization with 2 to 499 employees. The sample was balanced with respect to age, gender and region to match the profile of the working Canadian population. Interviews were conducted in English and French.

With files from Canadian Underwriter and the Insurance Bureau of Canada