Digital Adoption and Cyber Security: An Analysis of Canadian Businesses
Pith reviewed 2026-05-22 19:46 UTC · model grok-4.3
The pith
Canadian businesses adopting cloud services and AI improve efficiency but face heightened cyber security risks, especially larger firms.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
The analysis reveals a digital divide linked to firm size, industry, and workforce composition. While rapid expansion of tools such as cloud services or artificial intelligence can raise efficiency, it simultaneously heightens exposure to cyber threats, particularly among larger enterprises.
What carries the argument
Survey-weight-adjusted Lasso estimator combined with a debiasing method for high-dimensional logit models, used to select predictors from constructed aggregates like the Business Digital Usage Score and a cyber security incidence variable.
If this is right
- Larger enterprises show stronger associations between digital tool adoption and subsequent cyber incidents.
- Differences in digital engagement and risk exposure vary systematically by industry and workforce characteristics.
- Firms pursuing rapid adoption of cloud services or AI must weigh measurable efficiency gains against elevated security vulnerabilities.
- The digital divide implies smaller or less tech-intensive firms may lag in both benefits and risks.
Where Pith is reading between the lines
- Targeted security support programs could help smaller firms close the adoption gap without proportional risk increases.
- Longitudinal follow-up surveys would clarify whether the observed associations persist or evolve over time.
- Industry-specific guidelines might emerge from extending the same Lasso selection to sub-samples of the data.
Load-bearing premise
The two 2021 surveys supply unbiased and comparable measures of digital usage and cyber incidents across firms of different sizes and industries, without major non-response or measurement error that would distort the selected predictors.
What would settle it
A replication using later or alternative Canadian firm-level data that finds no positive link between digital usage scores and reported cyber incidents after controlling for size and industry would undermine the central trade-off claim.
read the original abstract
This paper examines how Canadian firms balance the benefits of technology adoption against the rising risk of cyber security breaches. We merge data from the 2021 Canadian Survey of Digital Technology and Internet Use and the 2021 Canadian Survey of Cyber Security and Cybercrime to investigate the trade-off firms face when pursuing digitalization to enhance productivity and efficiency, balanced against the potential increase in cyber security risk. The analysis explores the extent of digital technology adoption, differences across industries, the subsequent associations with efficiency, and associated cyber security vulnerabilities. We build aggregate variables, such as the Business Digital Usage Score and a cyber security incidence variable to quantify each firm's digital engagement and cyber security risk. A survey-weight-adjusted Lasso estimator is employed, and a debiasing method for high-dimensional logit models is introduced to identify the predictors of technological efficiency and cyber risk. The analysis reveals a digital divide linked to firm size, industry, and workforce composition. While rapid expansion of tools such as cloud services or artificial intelligence can raise efficiency, it simultaneously heightens exposure to cyber threats, particularly among larger enterprises.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper merges the 2021 Canadian Survey of Digital Technology and Internet Use with the 2021 Canadian Survey of Cyber Security and Cybercrime to study the trade-off between digital adoption and cyber risks. It constructs a Business Digital Usage Score and a cyber-incidence variable, applies a survey-weight-adjusted Lasso estimator together with a debiasing procedure for high-dimensional logit models, and reports a digital divide by firm size, industry, and workforce composition. The central finding is that tools such as cloud services and AI raise efficiency while simultaneously increasing cyber exposure, especially among larger enterprises.
Significance. If the merged-sample construction and variable definitions prove robust, the study supplies Canadian evidence on the efficiency-risk trade-off in digitalization and demonstrates the practical use of weighted Lasso with debiasing in survey data. These elements would be useful for policy discussions on digital divides and cyber-security regulation.
major comments (2)
- [Data and Methods] Data section: the description of how the two surveys are merged provides no information on whether firm-level linkage is possible or whether matching occurs only through aggregate characteristics (size, industry, region). Without this detail, it is impossible to assess whether the resulting sample preserves the original survey weights or introduces selection bias that could affect the Lasso-selected predictors of the Business Digital Usage Score and cyber incidence.
- [Empirical Analysis] Empirical section: the survey-weight-adjusted Lasso and debiasing procedure for the high-dimensional logit is presented without explicit checks that the debiasing step corrects for the specific sampling weights of the merged dataset or that post-selection inference accounts for the two-stage variable construction. This matters because the reported associations between digital tools and cyber risk rest directly on the selected predictors.
minor comments (2)
- [Abstract] The abstract states that aggregate variables are built but gives no formula or component list for the Business Digital Usage Score; this should be supplied in the main text or an appendix.
- [Results] Table or figure captions should explicitly note the effective sample size after merging and any observations dropped due to missing weights or non-response.
Simulated Author's Rebuttal
We thank the referee for the careful and constructive review. The comments highlight important areas for clarification that will improve the transparency of our data construction and empirical procedures. We respond to each major comment below and indicate the changes we will implement.
read point-by-point responses
-
Referee: [Data and Methods] Data section: the description of how the two surveys are merged provides no information on whether firm-level linkage is possible or whether matching occurs only through aggregate characteristics (size, industry, region). Without this detail, it is impossible to assess whether the resulting sample preserves the original survey weights or introduces selection bias that could affect the Lasso-selected predictors of the Business Digital Usage Score and cyber incidence.
Authors: We agree that greater detail on the merging process is necessary. The two surveys share common firm identifiers that permit direct linkage for a subset of observations; for the remainder we match on the observable characteristics of size, industry, and region while retaining the original survey weights through a combined weighting scheme. In the revised manuscript we will expand the Data section to document this procedure explicitly, report the share of observations linked by each method, and include a brief analysis of potential selection bias together with robustness checks that re-estimate the main specifications on the directly linked subsample. revision: yes
-
Referee: [Empirical Analysis] Empirical section: the survey-weight-adjusted Lasso and debiasing procedure for the high-dimensional logit is presented without explicit checks that the debiasing step corrects for the specific sampling weights of the merged dataset or that post-selection inference accounts for the two-stage variable construction. This matters because the reported associations between digital tools and cyber risk rest directly on the selected predictors.
Authors: We acknowledge the value of these additional diagnostics. In the revision we will add a dedicated subsection that (i) verifies the debiasing correction under the merged-sample weights via simulation and (ii) reports post-selection inference results that explicitly account for the two-stage construction of the Business Digital Usage Score. We will also present sensitivity checks that vary the first-stage variable construction to confirm that the key associations with cyber incidence remain stable. revision: yes
Circularity Check
No significant circularity: empirical analysis on external survey data using standard tools
full rationale
The paper merges two independent 2021 Canadian government surveys to construct aggregate variables such as the Business Digital Usage Score and cyber security incidence variable, then applies survey-weight-adjusted Lasso and a debiasing procedure for high-dimensional logit to identify predictors of efficiency and cyber risk. No equations reduce any outcome to a fitted parameter defined from the same data in a closed loop, nor does the chain rely on self-citations for uniqueness theorems, ansatzes, or load-bearing premises. The derivation is self-contained against external benchmarks and does not exhibit any of the enumerated circular patterns.
Axiom & Free-Parameter Ledger
axioms (2)
- domain assumption Survey responses accurately reflect true digital adoption and cyber incident rates without systematic bias by firm size or industry.
- standard math The survey-weight-adjusted Lasso and debiasing procedure correctly recover associations under the high-dimensional logit model.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.