As remote and hybrid work arrangements become the new norm, controls that were put in place before the pandemic to safeguard against cyber threats are no longer sufficient, finds a report released today by KPMG in Canada.
The report, Fraud, cyber & compliance: A triple threat for Canadian organizations, finds nearly half of North American executives say that working from home has negatively impacted the effectiveness of their companies' triple threat defences – fraud prevention measures, compliance risk mitigation and cybersecurity.
"The rapid digital transformation to remote work forced many companies to quickly put new processes and technologies in place, without being able to conduct the proper due diligence," says Alexander Rau, Partner, Cybersecurity, KPMG in Canada. "With all the challenges of the pandemic, more than two-thirds have not gone back to revisit these, leaving them exposed to on-going risk. To protect themselves, businesses need to develop an interconnected defence strategy where compliance, fraud and cyber efforts work together to defend against this threat loop."
According to the report, 60 per cent say the shift to remote working has increased the risk of fraud occurring within their company due to a reduced ability to monitor and control for fraudulent behavior.
Over two-thirds (67 per cent) say they experienced external fraud in the last 12 months, with 61 per cent suffering an economic impact (loss of money, loss of customers or physical damage), 41 per cent citing legal or compliance impacts (review or investigation by regulators) and 21 per cent experiencing reputational impact (such as negative coverage in the media).
Respondents cited a rise in the frequency of cyber attacks, including phishing (44 per cent), scamming (33 per cent), malware (22 per cent) and ransomware (20 per cent).
A triple threat for Canadian organizations
A triple threat for Canadian organizations
- 67 per cent of companies across North America say they experienced external fraud in the last 12 months.
- Nearly every respondent expects to see an increase in regulatory or compliance requirements related to data privacy, labour relations and the environment in the next five years.
- Two-thirds of respondents expect fraud (internal or external) to increase in the next year, and even more (77 per cent) expect that cyber risks will grow.
- Half (50 per cent) expect their cybersecurity risk to increase somewhat over the next 12 months, with 35 per cent expecting it to increase greatly.
"With cyberattacks on the rise, it's never been more important to have strong processes in place to identify, monitor, and minimize potential threats," says Mr. Rau.
Time to update your cyber defences
According to the report, only a small proportion (three per cent) of respondents are able to identify and contain a cyberattack in real time or even within 24 hours (eight per cent). On average, it takes two weeks to identify a cyberattack and another two and a half weeks to contain it, finds the report. And yet, respondents aren't overly concerned, with 88 per cent somewhat or completely satisfied with how long it takes their company to recognize a cyberattack. "With the average cost of a cyberattacks going up, identifying and addressing these incidents earlier should be a priority for business leaders," adds Mr. Rau.
An earlier KPMG survey found that very few Canadian small- and medium-sized businesses are highly prepared for a major cyberattack, with only 39 per cent saying they are "very confident" in their ability to detect and respond to a cyberattack.
"Awareness of the threat loop frequently comes after they experience a cyberattack, fraud incident or regulatory breach. Being proactive can help to mitigate risk and lessen the impact when an incident occurs—because it's a matter of when, not if," says Myriam Duguay, Partner, Forensics, National Leader Investigation and Fraud Risk Management, KPMG in Canada.
For more insights, read Into the breach which looks at how boards need to think about cyber preparedness.
Embedding strong cyber defenses into company operations and culture is key to avoiding future attacks and gaining consumer trust
Only two in five Canadian businesses say they can fully detect and stop major breaches
About KPMG in Canada
KPMG LLP, a limited liability partnership, is a full-service Audit, Tax and Advisory firm owned and operated by Canadians. For over 150 years, our professionals have provided consulting, accounting, auditing, and tax services to Canadians, inspiring confidence, empowering change, and driving innovation. Guided by our core values of Integrity, Excellence, Courage, Together, For Better, KPMG employs nearly 8,000 people in over 40 locations across Canada, serving private- and public-sector clients. KPMG is consistently ranked one of Canada's top employers and one of the best places to work in the country.
The firm is established under the laws of Ontario and is a member of KPMG's global organization of independent member firms affiliated with KPMG International, a private English company limited by guarantee. Each KPMG firm is a legally distinct and separate entity and describes itself as such. For more information, see home.kpmg/ca
To arrange an interview with a KPMG spokesperson, please contact:
National Communications & Media Relations
KPMG in Canada