It's a complex question, obviously, and a lot of it is outside my scope of expertise, but when it comes to protecting against, for instance, espionage or malicious behaviour that tries to either siphon off or sabotage IP and the entire R and D process, there are a couple of vulnerabilities, I think, that need to be filled immediately.
One, companies like BlackBerry, but not just BlackBerry, work very closely with the universities, research institutes and small and medium-sized businesses in Canada to create new products, new IP, across that supply chain. The security assurances required are not always in place. We need to ensure that security, guarding of the IP as we develop it, is as important as developing it itself. In essence, it should be considered a national asset. When it comes to universities, I do know that CSIS is starting to push forward programs to raise awareness about security within university research labs themselves to safeguard IP. We need to act similarly with SMEs that work on IP, so if there's one recommendation I can make....
The Insurance Bureau of Canada did a survey last year asking SMEs about whether they had invested in cybersecurity. Last year 47% of them had invested zero dollars in cybersecurity. We know that SMEs are critical to IP creation. We need to do something to incentivize these SMEs to protect their IP. They're not investing in it largely, apparently, because of the cost. It's a trade-off. I think as a government and as a society we need to shift the lens to start incentivizing security to be part of that.
The last thing I'll mention is that two years ago, ISED rolled out a fantastic program, in theory, called the Canadian digital adoption plan. The idea there was to increase the use of digital technologies by small and medium-sized businesses. Cybersecurity was not included in that initially. We worked with ISED later to include that in the assessment, but these kinds of programs need to embed cyber as a fundamental core of their operations.