A recent study by GetApp, a company that provides online resources for business doing software comparisons, found that 65% of Canadian executives have experienced a cyber attack in the last 18 months. Moreover, companies generally are reporting increases in cyber incidents with some executives being targeted multiple times.

The survey also found that 43% of Canadian companies do not prioritize extra training for executives despite increasing risks. From our perspective – and we would equate senior executives with senior partners in law firms – we would ask this: are senior partners in law firms here receiving the same, if not more, cyber training than the firm’s staff and other lawyers.

The most common attacks on executives were found to be malware and phishing. And the growth area for attacks seems to be deepfakes.

As to the Canadian participants in the survey, the contributors to these cyber attacks, were (Canadian percentage versus global percentage)

  • Downloading files from untrusted sources:           45% v 42%
  • Using weak passwords:                                          36% v 41%
  • Neglecting software and system updates:             32% v 24%
  • Ignoring cybersecurity training:                             36% v 34%
  • Bypassing company security protocols:                 31% v 32%

Last, 88% of the Canadian respondents agreed with the statement that senior executives should receive more cyber security training than other employees and 85% of respondents said risky online behaviour by senior executives harms their company’s cybersecurity measures.

The bottom line is that the messaging on cyber risks comes from the top which is also the place where the most risks are.