Covid-19 may be behind an increase in cybersecurity threats, but even before the pandemic, hacking and online extortion was widespread among Canadian businesses, Statistics Canada reports.

According to new data based on a survey that was carried out in the first quarter, 21% of Canadian companies reported facing cybersecurity incidents over the previous year, with larger companies much more likely to be targeted.

StatsCan reported that 43% of large businesses (at least 250 employees) faced security incidents in 2019, compared with 29% of medium-sized businesses and 18% of small businesses.

Attempts to steal money or demand ransom were cited as the top motives for cyberattacks, followed by efforts to steal personal or financial information.

StatsCan found that 12% of companies that reported incidents said that they lost revenue as a result, and 3% paid a ransom.

Despite the prevalence of cyber crime, most businesses aren’t reporting these incidents to police, StatsCan said.

Just 17% said they reported attacks to police, although reporting was much more common for companies with cyber insurance (34%).

StatsCan found that 17% of companies now report having some form of cyber insurance, up from 9% in 2017.

For large firms, 38% said they now have cyber insurance, compared with 24% in 2017. Over half of firms in the financial sector (55%) now have cyber insurance, up from 41%.

The study also found that companies spent a combined $7 billion on measures to prevent, detect and recover from cyber attacks during the year.

Large businesses spent an average of $699,000, StatsCan said, compared with just $74,000 for medium-sized firms and $11,000 for small companies.