Skip to main content
An RBC Small Business Poll reveals that Canadian small business owners are aware and concerned about cyber security, but fall short on preparedness in the face of cyber threats. Are you cyber ready?

A recent RBC Small Business Poll1 reveals that small businesses are mindful of cyber risks, but there are gaps in preparedness. See how businesses are approaching cyber security today.

Small Business Infographic

+ More

Small businesses are stepping up their cyber security efforts – but gap in preparedness remains: RBC poll

Nearly half of Canada’s small business owners anticipate becoming a victim of cybercrime in the next 12 months (vs 34% of general Canadian population).

But, four in ten admit they’re not knowledgeable about regulatory and legal requirements about cyber security in their industry.

“While large organizations are able to maintain robust cyber security protocols, many smaller businesses have difficulty implementing or maintaining cyber security practices, leaving them vulnerable to cyber-attacks.” Adam Evans, RBC Chief Information Security Officer, RBC

Owners across Canada perceive these to be the greatest threats to their business today:

  • Devices infected by a virus or malware
  • Falling victim to an online scam
  • Property damage

Cyber Security DIY: Most small business owners are taking cyber security into their own hands.

  • Handling cyber security risks themselves
  • Relying on in-house IT teams
  • Turning to outsourced IT consultants


Acknowledging that your business is at risk of cyber attacks is an important first step. Next comes preparing your business and mitigating the risk. This Fraud Awareness month, take time to focus on protection measures with these five steps.

To develop their cyber security mitigation and crisis management plans, small businesses can consider:

  1. Prioritizing measures including multi-factor authentication, mandatory employee training and limited authority to install software.
  2. Thinking through risks and creating a prioritized list of possible cyber events unique to the organization.
  3. Identifying key stakeholders and putting together a list of key contact information, both technical and non-technical persons in the event their services or contact is needed.
  4. Outlining an engagement procedure, which will guide the organization’s plan in response to a cyber event, detailing how events will be handled and communicated.
  5. Creating a communications template used to address impacted parties in the event of a cyber security incident.

    Download Template

Want some help managing your cyber security?

The RBC Cyber Security Awareness and Education Website has been designed to help small business owners and the community with the latest in cyber security insights, best practices, tips, and guidelines.

More resources & tips:

1 About the Survey The RBC 2021 Cyber Security Poll was conducted by Ipsos Canada from August 24-27, 2021. More than 3,000 surveys were completed online by Canadian adults, represented in six different regions (British Columbia, Alberta, Saskatchewan/Manitoba, Ontario, Quebec and Atlantic Canada). Representative sample results are weighted to reflect the Canadian population. The precision of Ipsos online polls is measured using a credibility interval. In this case, the poll is accurate to within ± 1.8 percentage points had all Canadian adults been polled. The credibility interval will be wider among subsets of the population represented. All sample surveys and polls may be subject to other sources of error, including, but not limited to, coverage error, and measurement error.