Two-thirds of execs consider cyberattack biggest business risk

But lack of clarity as to who is responsible for ensuring employees behave: Survey

Two-thirds of execs consider cyberattack biggest business risk
BMO announced recently it had suffered a cyberattack that may have affected customer data. REUTERs/Chris Wattie

Fraudulent, unethical and corrupt business practices, increasingly prevalent due to new technologies and the inconsistent application of compliance policies, are a source of mounting concern for Canadian executives, according to a survey by EY.

Two-thirds believe a cyberattack is the biggest risk to their business — compared to the global average of 37 per cent — surpassing concerns over the changing regulatory environment (cited by 48 per cent) and the macro-economic environment (46 per cent).

"Recent high-profile data breaches and concerns over online privacy are creating new risks for Canadian businesses," said Zain Raheel, EY Canada fraud investigation and dispute services leader.

"Ongoing cybersecurity threats point to a critical need for rigorous and focused incident response plans to detect potential breaches and help minimize the occurrence of attacks."

While respondents recognize the importance of integrity among employees, there is a lack of clarity as to who in the company is responsible for ensuring employees behave, said EY.  

Sixty-two percent of Canadian executives say management is primarily responsible for ensuring integrity, followed by individuals, at 24 per cent, and HR, at eight per cent, found the EY Global Fraud Survey of 2,550 executives from 55 countries and territories (between October and February).

And while 80 per cent of respondents agreed there are clear penalties for violating company policies, only 46 per cent could point to employees who have been penalized for breaching them. 

"There is a great opportunity for companies to demonstrate that they are living their values by enforcing corporate integrity and implementing stringent compliance measures," said Raheel. "Lack of enforcement, coupled with vague policies, sets the precedent that unethical behaviour may continue without consequences."

Latest stories