Huge ransoms paid out by some Canadian businesses amid rising cyberattacks: StatCan

Some businesses paid a ransom of more than $500,000 after a cyberattack last year, new Statistics Canada data revealed.

Some businesses paid a ransom of more than $500,000 after a cyberattack last year, new Statistics Canada data revealed.

The report surveyed more than 12,000 businesses to investigate the impacts of cybersecurity incidents on enterprises across Canada, including how many are paying attackers after getting hit by ransomware.

In 2023, an estimated two per cent of Canadian businesses reported being hit by ransomware, which is a type of cybersecurity attack that encrypts files and comes with a payment demand to make those files available again.

Though most affected businesses didn't make a payment, 12 per cent did give money to attackers, the report says.

Most payments were relatively small — 84 per cent of ransom payments were under $10,000. But the report estimates that four per cent of businesses who paid after a ransomware attack handed over more than $500,000.

Only 13 per cent of businesses who dealt with a cyberattack ended up reporting the attack to police, the survey found, though that number is up from 10 per cent in 2021. More than half of incidents that did get reported were related to stealing money or demanding ransom payments.

Canadian businesses spent $1.2 billion recovering from cybersecurity incidents last year, double what was paid a couple of years earlier.