KPMG LLP has launched the KPMG International Global CEO Outlook Survey, which suggests that company preparedness for cyberattack may be on the decline.

Of the Canadian companies surveyed for the outlook report, 79 per cent are publicly traded. Overall, the firm surveyed 1,325 international CEOs in 11 countries.

The research found that the number of CEOs at large Canadian companies who said they were well prepared or very well prepared for a cyberattack fell 17 per cent from last year, dropping from 73 per cent in 2021 to just 56 per cent today. The number of those who said they were unprepared jumped three-fold.

When asked about specifics like ransomware, 24 per cent said they do not have a plan to address the risk.

“Yet, when asked what keeps them up at night, CEOs put cybersecurity seventh behind a range of other pressing, near-term risks such as the economy, a potential recession, regulatory issues and disruptive technologies,” the firm writes.

Small and medium sized businesses fared better, with the number of those saying they are prepared to handle a cyberattack climbing nine per cent during the year, from 64 per cent in 2021, to 73 per cent today. That said, more than two thirds admit their cyber defenses could be a lot stronger. This group of CEOs ranked cybersecurity as their second single most pressing concern today.

At large companies, 59 per cent said building a strong cybersecurity culture is just as important as building technological controls, down from 83 per cent last year. 

More than half of small and medium sized companies, on the other hand, say they’ve been the victims of cybercrime in the past year. Among these CEOs, nearly eight in 10 or 78 per cent say building a cybersecurity culture is as important as building technological controls.