--- description: Cyberattacks against senior executives are on the rise in Canada. GetApp explores corporate identity theft protection and tips to avoid key threats image: https://gdm-localsites-assets-gfprod.imgix.net/images/getapp/og_logo-94fd2a03a6c7a0e54fc0c9e21a1c0ce9.png title: Securing Canadian executives with cybersecurity training --- # Corporate identity theft protection: Are Canadian executives properly secured? Canonical: https://www.getapp.ca/blog/6877/canadian-executives-corporate-identity-threat-protection-tips Published on 2024-09-03 | Written by David Jani. ![Corporate identity theft protection: Are Canadian executives properly secured?](https://images.ctfassets.net/63bmaubptoky/1U19Nxi6b2WBFJLtP3PBho/7d78e9c41cdf20bc9dcf736bf7f315e0/10-GA-Intl-Header-Security_report_2_2-1200x630-DLVR.jpg) > Cyber protection is the primary concern of everyone involved in a business. While it is important to practice IT security across the company, there's an urgent need to secure a key target for cyberattacks: the C-suite. ----- ## Article Content Cyber protection is the primary concern of everyone involved in a business. While it is important to practice IT security across the company, there's an urgent need to secure a key target for cyberattacks: the C-suite.In this article65% of Canadian executives have experienced a cyberattackCanadians want senior executives to get extra cybersecurity prepOver 40% of executives don’t get extra cybersecurity trainingPreparing senior executives for the risks that lie aheadCyberattackers are increasingly targeting senior company leaders, whether through artificial intelligence (AI) - assisted deepfakes, biometric security breaches, malware, or ID fraud. This finding was uncovered in GetApp’s 2024 Executive Cybersecurity survey\*, which surveyed 2,648 IT and cybersecurity professionals across 11 countries (235 in Canada).Senior company managers control large amounts of data and have privileged access to some of the most sensitive files, making them a major target for bad actors. Despite the urgency, executives may sidestep cybersecurity training due to time pressures, putting corporate identity theft protections on the back foot.  Cyberattacks on managers can cost businesses millions collectively, making it crucial to ensure more robust cybersecurity training for higher-level employees. Our study identified that 40% of Canadian companies targeted by a cyber incident against senior executives in the last 18 months provided extra cybersecurity courses to prepare executives to avoid losses in such situations. Key insights65% of Canadian senior executives have been the target of at least one cyberattack in the last 18 months56% of Canadian organizations affected say cyber incidents against senior staff have increased14% of the targeted executives were affected by an AI-assisted deepfake identity fraud attack88% of surveyed Canadian IT and cybersecurity professionals agree that senior executives should receive more cybersecurity training than other employees43% of Canadian businesses don’t prioritize extra training for executives despite the risks36% of Canadian senior executives who don’t receive extra training regard it as a non-priority, the highest proportion worldwide65% of Canadian executives have experienced a cyberattackWhile mistakes among rank-and-file employees expose a business to cyberattacks, the damage doubles when the company's senior leaders make cybersecurity mistakes.Companies spend thousands of dollars addressing cyber risks and vulnerabilities such as insufficient network monitoring, poor endpoint protection, and delayed software updates. For example, in the first report looking at the findings of GetApp’s 2024 Executive Cybersecurity survey Canadian businesses struck by cyberattacks dedicated resources to improving network security, strengthening passwords, and keeping software promptly updated as a response.   Failing to address basic protections such as those mentioned above isn’t a risk businesses can take, especially when it makes their C-suite more vulnerable. Reports about senior executives coming under attack from traditional attacks or newer threats such as deepfake tech aren’t new. \[1\] With 65% of IT and cybersecurity professionals surveyed experiencing an incident targeting senior staff in the last 18 months, Canada is witnessing a higher risk of cyberattack. The trend of senior executive attacks seems to be rising, too. Among Canadians whose senior executives were targeted, over half (56%) observed a higher rate of cyberattacks against senior-level staff over the last three years. Small cybersecurity errors by executives can cost Canadian companies bigWhilst there are concerns about the threats born from AI-powered cyberattacks, simpler errors represent a more immediate danger to Canadian companies. Some of the most prominent ways Canadian executives have come under attack (as observed in our data) include malware attacks, phishing, and ransomware.Additionally, whilst some deepfake attacks were observed in our sample, their prevalence was lower in Canada than in other countries surveyed. We found that 14% of Canadians surveyed had experienced a deepfake, compared with a global average of 21%. Whilst Canadian companies can breathe a sigh of relief on that front, there are reasons not to get complacent. Despite fewer deepfake attacks in Canada than elsewhere, companies should remain vigilant as they are likely to grow amid the rising popularity of AI tools. Furthermore, many more common and familiar errors made by executives are putting companies at risk today, which should ideally be the priority when addressing vulnerabilities. One of the biggest cybersecurity errors made by Canadian senior executives is downloading files from untrusted sources followed by other conventional risks, such as ignoring cybersecurity training. As shown in the graph above, Canadian senior staff are more likely to make these mistakes than global averages. Identity theft protection also needs to be at the forefront of Canadian cybersecurity preparations. 44% of our surveyed professionals said their company executives were the victims of at least one case of ID fraud. We also observed that almost half (48%) of these attacks came in the form of impersonation threats, 3 points above the global average. The threat of identity fraud is an even bigger issue, given the prevalence of executives ignoring cybersecurity training in Canada. Just over a third (36%) of Canadian executives fall victim to cybercrime after not following their workplace protections or security IT certifications. Avoiding the ‘sucker’s list’One of the nastier facts about being targeted successfully by a cyberattacker is that further attacks become more likely, especially if the target is seen as high value. Cybercriminals may share details of those who were successfully breached or who ended up sharing personal data, which can lead others to breach your systems through the same vulnerabilities.  That’s why it’s important to strengthen your cybersecurity measures to avoid attacks. With safety tools such as multi-factor authentication (MFA), encryption, and identity management software, you can reduce the chances of unauthorized access. Canadians want senior executives to get extra cybersecurity prepThe question of cybersecurity training for Canadian executives is taken quite seriously by IT and security professionals nationally. Amongst our sample most (88%) agree that managers should have additional security training compared to regular employees. Respondents also strongly feel the danger of risky online behaviour by senior executives.These findings show that Canadian managers are leading in fostering cybersecurity practices and defence. This is especially important as many respondents have concerns that senior staff are more likely to fall victim to cyberattacks. Therefore, company leaders must show that they can lead by example and demonstrate extra knowledge and preparation for cybersecurity defence to quell some of these worries. Over 40% of executives don’t get extra cybersecurity trainingWith 80% of companies providing at least once-yearly awareness and education sessions for staff, most Canadian firms organize cybersecurity training. However, it is not quite so common for Canadian executives to receive more than the company-wide training. Half of our sample say their business prioritizes additional security training for their senior staff; however, 43% say this is not provided, noticeably below our global average of 37%.This lack of additional training for managers opens Canadian businesses up to considerable risks compared to their global peers. As seen earlier, executives are especially threatened by identity fraud, and procedural mistakes that lead to vulnerabilities. This danger is highlighted further by the fact that 36% of cyberattacks in our Canadian sample are blamed on senior executives ignoring cybersecurity training.Not following security guidelines reduces the overall effectiveness of cyber protection. It also undermines the areas where Canadian businesses are ahead of the global curb on training, such as preparing managers to deal with social engineering attacks.Many reasons are given for skipping out of courses among the 43% of managers not receiving extra security preparation. In most cases, a lack of time is blamed. However, Canada also has the highest prevalence globally (36%) where managers simply don’t see extra training as a priority. This is a concerning trend and one that requires action by Canadian businesses. The data clearly shows that Canada lags behind in some forms of cybersecurity preparedness. Senior staff of local businesses in the country are an easy target for cyberattackers due to the lack of seriousness given to special executive cybersecurity training compared to global peers. The country is already at particular risk compared to others when it comes to impersonation attacks, potentially putting many firms at a disadvantage.  Focused training aimed at the C-suite level is also especially urgent as new more sophisticated AI-generated attacks like deepfakes or social engineering are becoming more common. Proper preparation allows business heads to maintain up-to-date awareness of specific threats that target higher-level staff and also account for the level of access and control they have over company files and systems.Preparing senior executives for the risks that lie aheadLeadership of a company extends beyond strategy and organization. To protect a firm’s cybersecurity, senior executives must safeguard data privacy, uphold security best practices, and possess an awareness of possible threats.Specialized cybersecurity training can help prepare executives to effectively face a number of new and developing dangers. These include elements such as:Awareness of current threats: Cyberthreats are evolving quickly, and senior executives need to stay updated on the methods that can specifically target them. As discussed before, time constraints may affect executive-level cybersecurity training. However, businesses can also rely on security awareness training software to access courses and guidance that adapt to their busy schedules without needing a specialized course.Safeguarding image and personal data: Executives are major targets for social engineering attacks. A lot of information needed to impersonate an executive can be found online, either from company sources, local media, or personal social network activities. Therefore, it is especially important to make executives aware of what they should and shouldn’t share online and to have them regularly review their information security.Risk management: Executives should feel empowered to make decisions but must also be aware of potential risks that may occur when carrying out certain activities, such as finalizing high-value transactions that could be fraudulent. Understanding such risks enables businesses to prevent unwanted outcomes. These might include procedures to assess if a video call is a deepfake or having network monitoring implemented that can detect threats. Additionally, preventive steps can be initiated if an incident is noticed mid-attack, such as how to halt fraudulent transactions or recover lost funds, not to mention disaster recovery strategies if they do succeed. Safe use of personal devices and public networks: Company information should always be kept solely on company devices, and where possible, secure Wi-Fi networks should be used only. Insecure apps or malware can represent a big issue if they get onto company infrastructure, which is why it is important to educate executives to be especially wary of exposing their devices to these risks. Using a mobile device management system can help secure mobile hardware by providing monitoring capabilities and controlling use policy. Looking for security awareness training software? Check out our catalog. ## Disclaimer > Survey methodology\*GetApp's Executive Cybersecurity Survey was conducted in May 2024 among 2,648 respondents in the U.S. (n=238), Canada (n=235), Brazil (n=246), Mexico (n=238), the U.K. (n=254), France (n=235), Italy (n=233), Germany (n=243), Spain (n=243), Australia (n=241), and Japan (n=242). The goal of the study was to explore how IT and cybersecurity professionals are responding to the rising threat of biometric fraud. Respondents were screened for IT and cybersecurity roles at companies that use security software and have more than one employee. Respondents were screened for involvement in, or full awareness of, cybersecurity measures implemented at their company.Sources:1. Deepfakes a big worry for Canadian employers, Canadian HRReporter ## About the author ### David Jani David is a Content Analyst for the UK, providing key insights into tech, software and business trends for SMEs. Cardiff University graduate. He loves traveling, cooking and F1. ## Related Categories - [Artificial Intelligence Software](https://www.getapp.ca/directory/1397/artificial-intelligence/software) - [Cybersecurity Software](https://www.getapp.ca/directory/1035/cybersecurity/software) - [Help Desk Software](https://www.getapp.ca/directory/287/help-desk-ticketing/software) - [IT Service Software](https://www.getapp.ca/directory/1049/it-service/software) - [Network Security Software](https://www.getapp.ca/directory/1443/network-security/software) ## Related Articles - [The top Canadian technology trends for 2022](https://www.getapp.ca/blog/2293/technology-trends-in-canada-2022) - [Phishing attacks in Canada: How are businesses dealing with them?](https://www.getapp.ca/blog/4206/phishing-attacks-in-canada) - [Green marketing: 5 sustainable trends for your SME](https://www.getapp.ca/blog/2154/green-marketing-strategy-ideas) - [Digitalization trends in Canada: Managers say pandemic sped up digital adoption](https://www.getapp.ca/blog/2324/digitalization-trends-canada-statistics) - [The era of dark data: How SMEs can tap into unused data](https://www.getapp.ca/blog/4551/what-is-dark-data) ## Links - [View on GetApp](https://www.getapp.ca/blog/6877/canadian-executives-corporate-identity-threat-protection-tips) - [Blog](https://www.getapp.ca/blog) - [Home](https://www.getapp.ca/) ----- ## Structured Data