Canadian Business Think They’re Doing a Good Job at Data Security; Canadian Consumers Aren’t too Sure

Nearly Three in Ten (27%) Canadians Say They’re Likely to Take Their Business Elsewhere if a Company they Support Suffers a Data Breach

The author(s)

  • Sean Simpson Vice President, Canada, Public Affairs
Get in touch

Toronto, Ontario, June 20, 2019 — The findings of a recent Ipsos survey conducted on behalf of Shred-it expose significant gaps in perception between businesses and consumers when it comes to information and digital data security in Canada. While the vast majority of C-Suite executives (89%) and small business owners (84%) think companies are getting better at protecting their customers’ personal and sensitive information, fewer consumers (70%) agree that this is the case. In fact, consumers are twice as likely to report that their personal data security has declined (50%) as opposed to improved (23%), over the past ten years. The results clearly demonstrate that while many companies think they are getting better at protecting sensitive information, consumers are not convinced that their data security is being taken seriously enough.

Consumers aren’t so sure that all data breaches are disclosed, as C-Suite executives are about twice as likely (at 85%), compared to consumers (42%), to feel as though all digital data breaches are properly disclosed and not kept secret. What’s worse, even though most consumers (82%) believe that any breach of personal data is a big deal, only a slim majority (53%) of C-Suite executives surveyed feel the same way.

Small business owners appear to be a little more in tune with the average consumer, however, as three in four (74%) indicate that a data breach is, in fact, a big deal and nearly four in ten (37%) question the extent to which all digital data breaches are being properly disclosed. Moreover, C-Suite executives are nearly three times more likely (at 66%), compared to small business owners (25%), and are significantly more likely, relative to the average working Canadians (42%) to view a data breach as probable within the next five years.

Over the past year there has been a large increase, among businesses of all sizes, in the proportion of workplaces with remote working arrangements (C-Suites: 95% vs. 89% in 2018; SBOs: 59% vs. 50%). To coincide with this increase, a statistically higher proportion of C-Suite executives (96%; +22 pts) and small business owners (55%; +12) report that their organization now has established policies for storing and disposing of confidential information when employees work off-site. And yet these policies might not be enough as most executives (86%; +4) and small business owners (65%; +2) continue to think that the risk of a data breach increases when employees work off-site.

Further, among those who suffered a data breach, a greater proportion of both C-Suites (52%; +6) and small business owners (40%; +11) attribute the situation to human error by employees or insiders at their organization. Despite all of this, Canadian companies appear to be very trusting of their employees, as around nine in ten believe they are doing what they can to safeguard sensitive physical and digital information when working off-site (94% of C-Suites & 90% of SBOs).

 Breach Could Cause Serious Harm to Business

A breach compromising the integrity of personal, confidential, or sensitive information can have devastating effects on a business, according to the survey. Right off the bat, as many as one in four consumers can be expected to seek compensation (22%) or immediately take their business elsewhere (27%), if a company they do business with suffers a breach compromising their personal information. This figure represents a significant amount of corporate revenue that could simply vanish overnight, irrespective of how the company responds to the situation. It is arguably even worse that as many as one in three consumers say they will tell others about the breach (31%) or lose trust in the company (36%), even if not all of them immediately take their business elsewhere.

Preventative measures can and need to be taken to avoid the possibility of a data breach happening in the first place. Canadian businesses seem to generally understand this, as most report having established policies for the storage and destruction of confidential paper documents (90% of C-Suites; 65% of SBOs) and information on end-of-life electronic devices (93% of C-Suites; 53% of SBOs). But accidents can and will happen. And when they do, it is of paramount importance to have contingency plans in place that focus on immediate and effective corporate responses to the situation, as nearly half (47%) of consumers indicate that they would wait to see how the company responds before reacting while as many as four in ten (39%) would demand to know what is being done to prevent future breaches.

These findings should come as no surprise, however, given that four in five (82%) consumers view digital data security as a top priority, when choosing who to do business with.

About the Study

Ipsos conducted a quantitative online survey of two distinct sample groups: small business owners in Canada (n=1,000) under 100 employees, and C-suite executives working for businesses in Canada with a minimum of 100 employees (n=100). The fieldwork was conducted between March 26th and April 1st, 2019. Data for Small Business Owners is weighted by region. Data for C-Suite Executives is unweighted as the population is unknown. The precision of Ipsos online surveys are calculated via a credibility interval.  In this case, the Canada SBO sample is considered accurate to within +/- 3.5 percentage points had all Canadian small business owners been surveyed, and the Canada C-Suite sample is accurate to within +/- 11.2 percentage points had all Canadian C-Suite Executives been surveyed.

In addition to the quantitative online survey, Ipsos conducted a short survey among a gen pop sample of n=2,002 Canadians about data protection and security. Weighting was then employed to balance demographics to ensure that the sample’s composition reflects that of the adult population according to Census data and to provide results intended to approximate the sample universe. The precision of Ipsos online surveys is measured using a credibility interval. In this case, the survey is accurate to within +/- 2.5 percentage points, 19 times out of 20, had all Canadians been surveyed. The credibility interval will be wider among subsets of the population. All sample surveys and polls may be subject to other sources of error, including, but not limited to coverage error, and measurement error. 

For more information on this news release, please contact:

Sean Simpson
Vice President, Ipsos Public Affairs
+1 416 324 2002

About Shred-it

Shred-it is a world-leading information security service provided by Stericycle, Inc. Shred-it solutions ensure the security and integrity of private and confidential information, protecting more than 500,000 global, national and local businesses across 17 countries worldwide. For more information, please visit

To view the Shred-it press release here.

About Ipsos Public Affairs

Ipsos Public Affairs is a non-partisan, objective, survey-based research practice made up of seasoned professionals. We conduct strategic research initiatives for a diverse number of Canadian, American and international organizations, based not only on public opinion research, but elite stakeholder, corporate, and media opinion research.

Ipsos has media partnerships with the most prestigious news organizations around the world. In Canada, Ipsos Public Affairs is the polling partner for Global News. Internationally, Ipsos Public Affairs is the media polling supplier to Reuters News, the world's leading source of intelligent information for businesses and professionals. Ipsos Public Affairs is a member of the Ipsos Group, a leading global survey-based market research company. We provide boutique-style customer service and work closely with our clients, while also undertaking global research.

The author(s)

  • Sean Simpson Vice President, Canada, Public Affairs