OKTA Okta Inc

Every year, billions of dollars are lost in Canada to cyberattacks, but new research shows that nearly one third (32 per cent) of Canadian small and medium-sized businesses (SMBs) that have been hit with a cyberattack aren’t even aware of the financial impact.* A new study* from Okta, Inc. (NASDAQ: OKTA), the leading independent Identity provider, found that SMBs operate within an unfamiliar and unpredictable landscape facing far-reaching impacts on their business.

This lack of awareness reveals a significant vulnerability, as many SMBs don’t recognize the financial consequences of cyberattacks until they face them. Just over half (58 per cent) are willing to invest in cybersecurity measures after experiencing an attack, highlighting that SMBs end up paying the price in the aftermath. About one-in-five SMBs (16 per cent) invest over $200,000 in cybersecurity measures following an attack.

“Many SMBs rely on identity via their email providers, assuming these gaps won’t be exploited. In reality, cybercriminals are targeting these weaknesses,” said Dan Kagan, SVP and Country Manager at Okta Canada. “As AI-powered attacks become more sophisticated, SMBs must strengthen their identity protections to safeguard operations and, most importantly, customer trust.”

The stressful reality of cyberattacks 

While the financial losses for Canadian SMBs due to cyberattacks are significant, the toll extends far beyond dollars. According to Okta’s research, close to 60 per cent of Canadian SMB owners rank cyberattacks as a top concern – second only to inflation and high interest rates. And nearly a third (30 per cent) of small business owners who have experienced a cyberattack, report a negative impact on their mental well-being.

The mental toll also trickles down through organizations, with close to half (47 per cent) of SMBs worried about the impact on their employees' mental health. Smaller companies, with limited staff and stretched resources, find it even harder to rebuild trust and morale after a security breach, with over 20 per cent citing a direct impact on employee morale.

“The impacts of a cyberattack on small and medium-sized businesses in Canada are wide-reaching, encompassing not only financial but also psychological and operational repercussions that can disrupt businesses and their workforces for months,” said Kagan. “Today’s business owners need a proactive and holistic approach to cybersecurity that can scale with their operational and budget needs, and as leaders, it’s essential to not only ensure robust security measures but also to empower their teams with clarity and confidence.”

Basic security tools leave SMBs exposed in today’s sophisticated threat landscape

An overwhelming majority – over 75 per cent – of Canadian SMBs rely primarily on basic security measures like antivirus software, which are no longer sufficient against increasingly complex attacks. More advanced solutions, such as identity management (38 per cent) and biometrics (21 per cent), remain underutilized, leaving many businesses exposed. 

The survey also found that a more layered approach to security leads to higher confidence. SMBs using tools like identity management and biometrics in addition to multi-factor authentication and antivirus solutions report higher confidence (75 per cent) in their ability to detect cyberattacks compared to those that only use multi-factor authentication and antivirus solutions (64 per cent).

It’s time to focus on security culture

While many SMBs worry about team stress from attacks, fewer provide adequate cybersecurity training. The survey found that the majority of Canadian SMBs (70 per cent) are confident that employees understand their company’s cybersecurity compliance measures, yet fewer provide employee training on cybersecurity best practices — with 47 per cent in Canada doing so. This gap between confidence and action reveals a cultural oversight that can leave businesses vulnerable, even with the right technology in place.

Fostering a strong security culture is essential for protecting SMBs from cyberattacks, as it not only empowers employees with the tools to recognize threats but also builds a collective responsibility toward maintaining security. Given the significant risks facing today’s businesses, addressing these challenges requires more than just technology. It demands a multifaceted approach that includes tools, resources, and a strong security culture.

###

About OktaOkta is The World’s Identity Company™. We secure Identity, so everyone is free to safely use any technology. Our customer and workforce solutions empower businesses and developers to use the power of Identity to drive security, efficiencies, and success. Learn why the world’s leading brands trust Okta at okta.com.

About the survey*The survey was conducted by Okta among members of the Angus Reid Forum.. The survey was conducted between August 20 and 26, 2024. There were 500 small to medium-sized businesses surveyed nationally in both the USA and Canada. All data in this report is a result of these surveys unless otherwise noted.

Agustina Ruiz, Corporate Communications Manager, Americas
Okta
agustina.ruiz@okta.com