Study reveals majority of Canadian organizations pay ransomware demands

October is Cybersecurity Awareness Month, and CIRA has released its annual cybersecurity survey that contains some pretty spooky numbers.

The latest edition of CIRA’s annual Cybersecurity Survey shows that over one-third (36 per cent) of Canadian cybersecurity professionals feel the volume of cyber attacks has increased during the pandemic. Nearly all (95 per cent) of the 510 security professional surveyed say that at least some of their new protections will remain permanent.

“It feels like the pandemic forced ten years of cybersecurity adoption to happen in about ten weeks,” said Mark Gaudet, CIRA general manager for cybersecurity and DNS services. “The pivot to work-from-home and employees using their own devices really increased the number of security threats facing organizations, and the bad guys did everything they could to take advantage of the situation. But our survey shows that Canada’s security pros didn’t take it laying down. They got to work and implemented new policies, technologies, and security training boot camps for staff—protections they plan to keep in place long after the pandemic.”

The full findings are featured in this year’s CIRA Cybersecurity Survey, which comes on the heels of high-profile ransomware attacks affecting hospitals, RCMP detachments, and major energy pipelines, amongst others. The data shows that, over the past year, roughly one in five (17 per cent) Canadian organizations experienced this type of attack. Of those, more than two-thirds (69 per cent) say they paid the ransom, suggesting that a majority simply fork over the cryptocurrency to avoid the downtime, reputational damage, and costs that result from not paying.

CIRA (The Canadian Internet Registration Authority) manages the .CA top-level domain on behalf of all Canadians. CIRA also develops technologies and services—such as CIRA DNS Firewall and CIRA Canadian Shield—that help support its goal of building a trusted internet for Canadians.