Data breaches are in the news all the time. And it feels like no companies - large or small, public or private, geography, industry - are safe. We have new data that shows how many IT leaders think breaches are inevitable. It’s not if a breach will occur, it’s when it will occur.

According to recent survey results released by Adastra,, more than three-quarters (77%) of IT decision-makers across the United States and Canada believe that their companies are likely to face a data breach within the next three years. This is a concerning trend, as data security is becoming an increasingly important issue for companies as they continue to bolster their cybersecurity preparedness.

The survey was conducted between December 2-14, 2022, and consisted of 882 IT professionals throughout the United States (589) and Canada (293). Respondents ranked data security as the biggest game changer in 2023, with 68% of managers surveyed saying that their companies have a cybersecurity division and a further 18% reporting that they are in the process of creating one. Only 6% of respondents reported having no cybersecurity division.

Kuljit Chahal, Practice Lead, Data Security at Adastra North America, commented on the survey's findings, saying, "The increase in data breach incidents across North America is troubling and must be prioritized as employees continue to return in-person to their corporate offices. During the pandemic, many employees were hired virtually, and in combination with long absences from offices, introductions to and re-familiarization with security protocols will be critical."

The importance of employee awareness of data security best practices cannot be overstated. According to the 2022 Verizon Data Breach Investigations Report, 82% of data breaches are caused by human error, and companies of all sizes are at risk. Chahal noted that "some companies, especially smaller ones, can be lulled into a false sense of security believing that perpetrators will not bother with them—this is absolutely not the case."

The cost of a data breach can be high, with Canadian businesses impacted by cyber breaches spending a collective $600 million to recover in 2021 alone. According to Statistics Canada, 41% of data breaches occur in small and medium-sized companies with less than 250 employees. Chahal urged companies of all sizes to invest in data security protection, resources, and education, particularly as we return to in-office activities.

The results of this survey should serve as a reminder that companies of all sizes must prioritize data security, particularly as employees return to in-person work. With data breaches on the rise, it is essential that companies take the necessary steps to protect themselves from potential threats, including investing in cybersecurity divisions, employee education, and data security protection and resources.

One frequently missed topic of security awareness training is what to do in the case of a breach. It sometimes feels taboo to talk about it. But, what this survey shows is that it is highly likely to be close to a breach or directly involved in a breach. As such, employees need to 1) know what to do if they suspect a breach and 2) not feel ashamed or embarrassed to come forward.

‍