The Canadian Securities Administrators (CSA), the umbrella organization of Canada’s provincial and territorial securities regulators, survey has found that 51% of 649 registered businesses have experienced a cybersecurity incident in 2016.

The survey found that the most common reported incidents were phishing (43%), malware incidents (18%) and fraudulent email attempts to transfer funds or securities (15%).

In terms of conducting risk assessments to identify cyber threats the majority of firms do on a yearly basis (39%), but 33% suggested that they conduct them on an ongoing basis. A number of firms (66%) have a cyber security incident response plan that is tested at least annually and the majority of firms do back up their data on a daily basis (73%).

Regarding employee training, the focus is on suspicious emails or links (70%), good password practices (68%) and the safe use of hardware or software (60%).