Half of Canadian Companies Targeted in Cyber Attack Pay Ransom

New data from IT firm NOVIPRO shows Canadian companies are vulnerable to cyber attacks and more than half pay a ransom to criminals.

Canadian IT company, NOVIPRO has unveiled its sixth annual IT Portrait of Canadian Businesses in collaboration with market research and analytics firm Leger, showing a deep vulnerability Canadian companies have to computer attacks. The study reveals that more than half (56%) of organizations targeted by malware have paid the amounts requested by cybercriminals. Of these, one in three companies (33%) retained the services of a negotiator, while 23% proceeded without the help of an intermediary.

Sixty percent of companies participating in the survey state they have sensitive customer data such as confidential information, credit card numbers and social insurance numbers and nearly one third (28%) of the companies surveyed value their information assets at more than $1 million.

“As an entrepreneur, I am very concerned that so many organizations are paying a ransom,” says Yves Paquette, co-founder, and CEO of NOVIPRO. “Companies need to be proactive in preventing cyberattacks, otherwise the impact will be devastating to them and their customers. If organizations invested even a fraction of the potential cost of an attack, they could easily put systems in place to guard against such fraud. In the physical world, you’d employ a detachment of guards to protect something with a million dollar value, yet there seems to be a disconnect when the asset is digital.”

Nearly half (43%) of respondents are more concerned about a breach since the introduction of hybrid work, prompting most organizations (76%) to take the time to review their security practices, whether it’s providing training to employees (32%), developing a telecommuting policy (31%) or investing in software (29%).


Companies that are victims of cyberattacks admit that their employees are the largest source of cyber threats (53%). Of these, 31% are motivated by malicious intent and 22% unintentionally trigger an attack by clicking for example, on a fraudulent link. Despite this, the percentage of organizations that have trained their teams continues to steadily decrease over the past three years.

“The pandemic has forced companies to focus their energies on operational emergencies,” explains Dominique Derrier, Chief Information Security Officer, NOVIPRO. “We see that in 2021 organizations are more aware of computer threats, but are slow to take significant action. It is imperative that organizations apply the latest infrastructure and engage the right experts to ensure their IT is properly secured. Not only are their operations at stake, but their reputations as well.”

Additional findings:

Work-from-home means cloud computing is here to stay: While the fifth edition of this study found a marked acceleration in cloud adoption by Canadian businesses due to COVID-19, the 2021 data shows that the trend continues. No doubt a sign that telecommuting or telework is becoming permanent, a third of respondents (33%) cite it as one of the reasons IT professionals encourage or would encourage companies to opt for cloud computing.

Attraction and retention are the challenges of the day: Not surprisingly, the difficulty of attracting qualified resources (43%) and the retention of key personnel (39%) are the major challenges for human resources in the IT field. The pandemic has exacerbated these issues as more than a third of organizations have struggled to attract skilled talent (45%), retain key resources (36%) or engage and motivate teams (31%). When the pandemic struck in 2020, more than half of companies wanted their employees to work from home for more than three days per week. One quarter of respondents also intended to allow full-time remote work. Practices have continued to evolve in this area, with 52% of companies having reduced the number of days employees are authorized to work from home in 2021.

AI investment is down: More cautious since the pandemic, companies are forecasting less technology investment in the next two years (80%) compared to 2020 (88%); Ontario companies (85%) are planning to invest the most in the next two years. For the second year in a row, investment plans in advanced data analytics and artificial intelligence are declining, falling to 18%, from 29% in 2020. If Quebec was among the leaders in this sector before the pandemic, it is now the Canadian province with the least focus on AI, while British Columbia (24%) is in first place for the first time in six years.

Renewed trust in IT teams: The survey shows that 40% of companies have more confidence in their IT team when it comes to security in the wake of COVID-19.

The full data report can be viewed here