Cyber protection as a voluntary benefit can help employees protect their devices and data from hackers.

Author: Richard A. Egleston


In Canada, the pandemic and subsequent rapid shift to remote work have intensified challenges IT and HR face to secure systems, protect privacy and help people connect online safety while working. Now, geo-political events such as the Russia-Ukraine war and significant cybersecurity incidents have heightened awareness that we are an increasingly digital and vulnerable workplace — and workforce.

In the last two years, cybercriminals have capitalized on new opportunities:1

  • Looser security on work-from-home devices
  • Severe software vulnerabilities like Log4j2, which were slow to patch
  • Cyber war spawned by Russia's invasion of Ukraine and organized nation-state crime rings

These threats are driving more costly, higher-impact data breaches and cyber incidents than ever before, and employees often can be at the center of these breaches and incidents. According to IBM, Ponemon Institute and the FTC:

  • The average cost of a data breach in Canada is now $4.5 million (compared to $3.5 million last year). It's higher in critical industries, such as utilities and telecommunications, transportation, finance, healthcare and government. It's more than $1 million more costly when remote work is a factor.2
  • The median cost for an individual was $600 per incident — and it was more than $1,000 for 10% of those affected.3
  • It can take an average of 100 to 200 work hours to remediate theft, which can add up to over $3,000 in lost wages or productivity.3
  • 89% of Canadian companies suffered a successful cyber-attack in last two years.4
  • 37% of attacks started when an employee fell for a phishing lure — phishing is now the costliest cause.2
  • 58% of Canadians have personally experienced cybercrime.5

Canadian organizations are proactively defending against increased threats with broader protection of devices and networks to prevent breaches and other costly cybercrime. Yet, an employee's remote workplace and personal devices often remain unprotected — creating a weak link in their IT security.

Are the security concerns about employees' devices changing?

How much of a security risk are employees' personal devices and digital habits to a business? Employees don't have the same controls on their devices at home as they do in their corporate environment, yet 73% of Canadian employees use personal devices for work, and the average Canadian household has seven devices.5

Our partner Norton LifeLock recently surveyed 1,200 Human Resources and IT executives and found that employers are highly aware of and concerned about employee cybersecurity risk.5 Here are the research findings:

  • A lack of cyber threat awareness is a key vulnerability for Canadian organizations — 79% rank a lack of employee knowledge or due diligence among the greatest sources of cybersecurity risk.
  • 70% of companies allow employees to use their own devices for work, yet only 30% have a BYOD policy.
  • Almost all say identity theft could affect employee's stress levels (90%), financial wellbeing (87%), and productivity (87%).
  • Nearly all — 94% or more — say it's important or essential to provide employees with protection for compromised devices, online privacy, and protection against Identity theft.
Alt text 73% use personal devices for work, 58% have experienced cybercrime, 80% see benefit of identity theft protection as a work benefit, 45% of companies don’t offer of identity theft protection.

Overall findings concur that, for most employers, cybersecurity protections are a must-have for their employees and their family. A current barrier for enhancing their security measures is cost and lack of knowledge.

Digital protection as an employee benefit

A recent employer benefit case study6 looked at a global parts manufacturer with more than 2,500 Canadian employees that offered identity and cyber protection as an optional employee benefit at new hire and open enrollment, at a discounted price. Nearly 20% of the workforce opted into the benefit in 2022. The benefit was fully funded for leadership — the group most often targeted for attack — and 100% opted in.

While HR was exploring options, they realized how simple it was to roll out identity theft benefits across their entire workforce as a voluntary or flex benefit at about a 50% discount over retail, at no added cost to the company. This optional benefit offering could reinforce IT’s existing cyber safety communications and training.

In addition to adding no cost to the company, employers may also have limited administration responsibility — by offering the benefit on a direct-bill basis, the organization simply has to communicate the benefit, and employees participate individually.

To learn more about these important Cyber Safety plans and benefit offerings, please reach out to your Gallagher benefit consultant.

Cyber safety benefits are online privacy, device security, identify theft protection and parental control.

Author Information


1Solomon, Howard. "Cyber Security Today, July 27, 2022 – Cyber Attacks Are Increasing, the Cost of a Data Breach Is Increasing and More," IT World Canada, 27 Jul 2022.

2"Cost of a Data Breach Report 2022," IBM, 27 Jul, 2022.

3"Top 10 Frauds in 2021," Canadian Anti-Fraud Centre, updated 17 Feb 2022.

4O'Driscoll, Aimee. "Canada Cybersecurity and Crime Statistics 2020-22," Comparitech, updated 1 Aug 2022.

5"Canadian Cyberthreat Experiences Survey by Angus Reid Group," Norton LifeLock, Jul-Aug 2022.

6Norton LifeLock Employee Benefits Solution Client Insights, August 2022. Unpublished case study.


Consulting and insurance brokerage services to be provided by Gallagher Benefit Services, Inc. and/or its affiliate Gallagher Benefit Services (Canada) Group Inc. Gallagher Benefit Services, Inc. is a licensed insurance agency that does business in California as "Gallagher Benefit Services of California Insurance Services" and in Massachusetts as "Gallagher Benefit Insurance Services." Neither Arthur J. Gallagher & Co., nor its affiliates provide accounting, legal or tax advice.