Canada's Data Breach Costs Are Second Highest In The World

According to Canadian lawyers who specialises in cybersecurity and data protection law, very few Canadian organisations are properly prepared to handle data breaches.

This is substantiated by the fact that the average data breach cost in Canada is the second highest in the world, according to the 2017 IBM and Ponemon Institute report. This consensus of how bad things may be is generally shared by many Canadian lawyers as well, with even the most basic protection models not in place for minimising data breaches.

Bradley Freedman, Vancouver-based law firm partner, said:

“…many Canadian organisations haven’t done some of the basic things that regulatory guidance and best practices suggest to minimise risk of a data breach.”

It seems that in many cases organisations are either not implementing data protection measures at all, or they’ve severely curtailed their desire for protection. Mr Freedman went on to say: “in my view it’s short-sighted and misguided” in terms of how organisations may choose to put resources into other parts of the business as opposed to data protection.

Statistics

Risk Based Security, a cybersecurity firm, released data that showed Canada to be the third country in the world to have the greatest number of data breaches so far this year. Just falling behind the U.S. and U.K., Canada have reported 59 data breaches so far.

By comparison with other global influencers, China have only reported 22 data breaches, and there were only 19 publicly reported data breaches in Russia.

Of course, this report may not be the best indicator of whether Canada are within the top three countries that have the most data breaches, but it does say a lot as Canada’s data breach reporting apparently isn’t mandatory.

Mandatory data breach reporting will come into effect later this year when Ottawa enforces a rule (Protection of Personal Information and Electronic Documents Act (PIPEDA)) for organisations that come under ‘federal jurisdiction’ to do so. This refers to organisations that are overseen by the government.

Even though there isn’t mandatory data breach reporting in Canada, a failure to notify relevant regulators and organisations may lead to an investigation to find out if the organisation failed to undertake its responsibility to keep personal data safe. Therefore, many Canadian organisations may wish to consider reporting a data breach even if it’s not specifically required by law.

Costs

According to the IBM and the Ponemon Institute study, an average data breach costs Canadian companies $5.78 million (£4.44 million). Canada’s average data breach cost was reported to be the second highest in the world, and the cost was above the world average of $3.62 million (£2.78 million).

The study found that Canadian organisations who managed to contain a breach in less than 30 days were able to save $1.79 million (£1.38 million) in costs when compared to organisations who take longer than a month to deal with a breach.

So, the takeaway message here seems to be that those organisations who are proactive in their data breach protection and response approach can drastically reduce their costs.

As many experts say, the view should be ‘when’ data breaches happen, and not ‘if’.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.