4 min

Why Cybersecurity is Now Imperative for Small Business

Cyberincidents are making headlines each day and it’s crucial for organizations of all sizes to establish and maintain effective cybersecurity. Penetration testing and comprehensive security assessments are among the best preventative measures.

Man working on a laptop with an abstract overlay of cybersecurity network art.

To better understand the state of penetration testing amongst Canadian organizations and the various cybersecurity challenges they face, CDW Canada commissioned a second annual penetration test survey. The survey examined the sentiment of 500 Canadian IT professionals at companies/organizations with at least 20 employees, 134 of whom worked for small-sized businesses (20-99 employees).

Cyberincidents are making more headlines each day and it has become crucial for organizations of all sizes to establish and maintain effective cybersecurity. Penetration testing and comprehensive security assessments are among the best preventative measures. Fortunately, cybersecurity remains a top priority for small businesses, with 93 percent reporting that they take protecting against threats seriously. Penetration testing is gaining more momentum each year, and this year's penetration testing survey results demonstrate that small businesses are more adept at understanding the benefits of cybersecurity investments and are implementing solutions.


52 percent of small businesses perform penetration testing and/or comprehensive security assessments, representing a 41 percent year-over-year (YoY) increase from 2022 (37 percent).

Increased adoption of penetration testing among small businesses strongly suggests a greater awareness of its importance as a means of defence against cyberthreats. More than two-thirds (69 percent) of small-sized organizations who perform penetration testing reported that it has “somewhat to significantly improved” their overall security, and many are reaping its benefits.


One in four (25 percent) small-sized businesses have experienced a security breach in the past year.

With technology innovation happening at an accelerated pace and the sophistication of cyberattacks advancing just as quickly, small businesses need to remain vigilant and proactive with cybersecurity. In fact, three-quarters (75 percent) of small businesses still have concerns regarding their penetration testing capabilities, reinforcing the importance of continued investment and upkeep of security technologies and polices.

While one in four (25 percent) small-sized businesses reported experiencing a security breach in the past year, it is possible that the actual number may be even higher, as some cybersecurity compromises and breaches can go unnoticed for a long period of time. The reason for this could include an organization’s lack of cybersecurity knowledge, the absence of formal cybersecurity training or even a lack of resources and personnel.


Among small businesses who have shifted to remote/hybrid work since the pandemic, more than a third (36 percent) believe it has increased their security risks.

The challenge for small businesses adopting hybrid work is to ensure the same level of security and reliability exists whether working remotely or from a company’s on-premises locations.

As the threats continue to mount, many small businesses have turned to the experts, and a growing number of small businesses have outsourced their cybersecurity services. In 2023, nearly two-thirds (64 percent) of small businesses reported having engaged an external IT security services partner, an increase from 49 percent in the previous year. Working with a third-party IT partner is an effective way for small businesses to ensure business continuity in the event of a cyberattack. In fact, among small businesses that have an external IT security services partner, 59 percent reported that the value of having their partner increased in the last two years. Having a prepared incident response plan is also key to minimizing, mitigating and recovering from an attack.  

While more small businesses are utilizing penetration testing and comprehensive security assessments, many still struggle with adoption and investment.

It is crucial for businesses of all sizes to conduct regular cybersecurity assessments to mitigate the risk of security breaches. While still facing many challenges and barriers with penetration testing adoption, small businesses realize that a security breach can be costly, and the result may have serious reputational and operational consequences.

About this study

These are the findings of a survey conducted by CDW Canada from March 14-17, 2023 among a sample of n=500 IT professionals at companies and organizations in Canada with at least 20 employees. For comparison purposes only, a sample of this size would yield a margin of error of +/- 4.4 percentage points at a 95% confidence level. The survey was offered in both English and French.