Sixty-seven per cent of Canadian firms surveyed were hit by ransomware in last 12 months

Canadian organizations may be being hit harder by ransomware than many suspect, if an upcoming survey is representative.

Sixty-seven per cent of the 460 firms questioned said they had been victimized by ransomware in the past 12 months.

Worse is that a number of them were hit more than once — in fact some were victimized three times.

Just over 10 per cent of respondents said they were hit by the same ransomware several times because they couldn’t fully remove the malware, leaving their systems open for the attacker to return.

The numbers were part of a “sneak peek” at the survey done by IDC Canada for Telus and presented at this week’s SecTor 2021 conference.

The full survey results will be released before the end of the year, said Kevin Lonergan, senior strategy manager Telus Cyber Security.

Lonergan described the numbers as “startling” and “eye-opening.”

Related content: Ransomware was the top attack type in Canada in 2020

Eighty-three per cent of respondents said their organizations had detected ransomware attempts in the past 12 months.

Larger organizations were more likely to have been hit than smaller ones (For example, in February the head office of Home Hardware was hit.)

The news wasn’t all bad: Sixteen per cent of respondents said they had beaten off a ransomware attack.

As for paying a ransom, 44 per cent of respondents said their firm paid up. However, only 42 per cent of those who paid said their organization was able to fully restore their data with the decryptor provided and just under half said access to their encrypted data was only partially restored. Lonergan didn’t say what had happened with the remaining eight or nine per cent of those who paid; the decryptor may not have worked at all, or they may have not received one.

That could play a factor in the decision by organizations to pay up.

“The most damaging ransomware attacks with the greatest impact to organizations are those affecting cloud-based IT systems,” Lonergan said the survey showed. This is because since the pandemic started many people are now working from home, so cloud services are increasingly targeted by threat actors.

The survey also suggested a number of best practices to defend against ransomware attacks, Lonergan said.

The most common way survey respondent firms were victimized was by exploiting misconfigurations in systems and devices. That method ranked higher than email. The conclusion, Lonergan said, is that “we really need to get better at managing vulnerabilities, prioritizing them.”

He also noted that almost 70 per cent of the firms that were able to defend against ransomware said they had a formal vulnerability management program.

It’s also important that organizations improve their incident response (IR) capabilities, Lonergan said. That was the number one way respondents said they should do better. Fewer than 60 per cent of respondents said they had a tested IR plan.

As for cyber insurance, only 40 per cent of respondents said their firm has coverage. However, of that group, two-thirds had used it to cover expenses with recovering from a cyber incident, suggesting it can be useful in at least partly paying incident costs.


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.