Canadians leery of sharing info after a cyberattack: KPMG Poll

Canadians wary of sharing info after cyberattack: KPMG

Amid this October’s #GetCyberSafe campaign, many Canadians want companies and governments to do more to keep their data safe from ‘ruthless’ hackers


​Nearly all Canadians (90 per cent) say they are "leery" about sharing their personal or financial information with any organization that's had a cyberattack or data breach, and over four in five (84 per cent) would take their business elsewhere, a new KPMG in Canada cybersecurity poll finds.

With the COVID-19 pandemic fuelling a surge in online everything – from working, shopping and connecting – more than half (54 per cent) of all Canadians say they are shopping online more than they ever did pre-COVID and an equal number say they're getting many more suspicious-looking emails as well.

"While social distancing has made us much more reliant on all things digital, the surge in cyberattacks and data breaches amid the COVID-19 pandemic is starting to undermine trust, with as many as four in five Canadians warning they would reconsider doing business with anyone that failed to keep their data safe," says Hartaj Nijjar, KPMG partner and national leader of Cyber Security Services. "The new reality in which we've living demands that every organization take a much-harder look at their cybersecurity strategy, systems, and protocols."

Since the pandemic started, Canadians have been hit mostly by phishing (38 per cent) or spear fishing (13 per cent) cyberattacks. Phishing attacks occur when attackers masquerade as authentic organizations to dupe the target into opening an instant message, email, or text message or clicking on an attachment. But, while phishing campaigns are sent to many recipients, spear phishing is highly targeted and personal; they look more legitimate.

"Cyber criminals are ruthless. They're after your identity, login credentials, money, and sensitive information," says Mr. Nijjar. "With cyberattacks becoming increasingly more sophisticated, organizations must do their part by improving their cyber resilience and continuing to promote #GetCyberSafe awareness and education."

The online poll of 2,003 Canadians was conducted between September 15 and 18.

Key Poll Highlights

  • 90 per cent of Canadians are "leery" about sharing their personal or financial information with any organization that's had a cyberattack or data breach.
  • 84 per cent would "definitely reconsider" doing business with a company that failed to keep their data safe.
  • 54 per cent of Canadians are shopping online more than they ever did pre-COVID-19. That jumps to 64 per cent for those between the ages 18 to 44. 
  • An equal number (54 per cent) also say they have received "a lot more" suspicious emails in the last six months, and 84 per cent are being "extra careful" when shopping online for fear their information will be hacked or stolen.
  • Over two-thirds (67 per cent) of Canadians are more worried now than ever about having their data breached or hacked, and 73 per cent of those 65 years old and over are especially worried about the spike in COVID-related cyberattacks.
  • The predominant types of cyberattacks on Canadians during COVID-19 were phishing (38 per cent) and spear fishing (13 per cent). Data breaches and malware incidents followed, at 12 per cent and 9 per cent, respectively. And, while most respondents didn't know if their employer had been cyberattacked, 12 per cent said that their organization had been a target or victim of phishing during COVID-19.
  • A quarter (25 per cent) of Canadians have had their login credentials stolen from a trusted site that was hacked with that number climbing to 34 per cent for those aged 18 to 34. Men were slightly more likely to have their credentials stolen than women (28 per cent vs. 22 per cent, respectively). And, more people in B.C. and Ontario had their user ID, passwords, and personal questions stolen, 30 per cent and 27 per cent, respectively.

Rebuilding confidence is key

While most Canadians have faith in organizations to safeguard their information, two in five (38 per cent) Canadians are not confident their personal information can be kept safe, with 17 per cent saying they are "pretty cynical" about the ability of companies or governments to protect their data. Over three in five (61 per cent) feel they no longer trust the government to keep their personal information safe.

"Canadians are sending a clear message that much more work needs to be done on the cybersecurity front to rebuild confidence and trust," says Mr. Nijjar.

Canadian CEOs already recognize the potential financial and reputational damage that can be inflicted by cybercrime, with CEOs identifying cyberattacks as one of the top three threats to their growth prospects, according to KPMG's recent 2020 Global CEO Outlook.

Other Poll Findings:

  • 94 per cent of Canadians say companies and governments should be "much more transparent" in how they protect and store their personal data.
  • 79 per cent of Canadians are angered by the lack of transparency over how their data is collected, stored, and used.
  • 95 per cent say big tech and social media companies "need to do more" to keep their data safe.
  • 92 per cent say they want to be in control of their data and be prompted for consent to share on every transaction.
  • 94 per cent believe that any organization – business or government – that asks for and stores personal or financial data "must have" their cybersecurity systems, processes, and controls audited or reviewed.

Businesses: 5 Cybersecurity Tips

  1. Apply a business lens to cybersecurity by working with management to help them better understand the implications of a breach to bolster support for cyber initiatives, such as employee training and education, funding, and resources.
  2. Establish governance and accountability through an organizational cybersecurity function tasked with reducing risk and increasing resilience.
  3. Identify your 'crown jewels' and classify them based on their criticality to ensure the appropriate level of resources to guard against, and respond to, a cyber incident.
  4. Educate and raise employee awareness by training employees to stay vigilant for cyberattacks and learn good cyber hygiene.
  5. Build resilience by developing incident response and business continuity plans and testing them. Planning helps prepare leadership and the organization to better organize, mobilize, and respond to a breach when it does happen.

KPMG used Methodify, an online research automation platform, to survey 2,003 Canadians during September 15-18.


KPMG LLP, an Audit, Tax and Advisory firm ( is a limited liability partnership, established under the laws of Ontario, and the Canadian member firm of KPMG International Cooperative ("KPMG International"). KPMG has more than 7,000 professionals/employees in over 40 locations across Canada serving private- and public-sector clients. KPMG is consistently recognized as an employer of choice and one of the best places to work in the country.

The independent member firms of the KPMG network are affiliated with KPMG International, a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.

For more information or to request tables, please contact:

Caroline Van Hasselt
National Communications & Media Relations
KPMG in Canada
(416) 777-3288

© 2022 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit

Connect with us


Want to do business with KPMG?


loading image Request for proposal

Stay up to date with what matters to you

Gain access to personalized content based on your interests by signing up today

Sign up today