Less than half of Canadian organizations believe they are winning the cyber security war
Toronto, ON--According to a study released today by Canadian IT solutions integrator, Scalar Decisions, only 41 per cent of Canadian organizations believe they are winning the cyber security war. The research was conducted with over 600 IT and IT security practitioners in Canada, and found that the primary challenge respondents cited was a lack of in-house expertise. Almost half (49 per cent) of respondents believed that they do not have a sufficient number of in-house personnel who have such critical qualifications as job experience, professional certifications, and specialized training.
Entitled The Cyber Security Readiness of Canadian Organizations, the study examined how prepared Canadian organizations feel to respond to security attacks, how much the average attack costs, and what strategies and technologies are most effective in combatting security attacks.
Other Key Findings
Respondents experienced an average of 34 attacks in the past 12 months.
On average, each incident cost $208,432 in cleanup, lost time, disrupted operations, damage or theft of IT assets, and damage to reputation.
The majority of respondents believed the frequency, sophistication, and severity of attacks had increased when compared with the previous year.
Forty-six per cent of respondents experienced an incident in the last year that involved the loss or exposure of sensitive information.
Thirty-five per cent of respondents said their firm experienced a loss of intellectual property or other commercially sensitive business information due to cyber attacks within the last 12 months, with 32 per cent of this group believing the theft caused a loss of competitive advantage.
The research identified a subset of the sample that self-reported they had achieved a more effective cyber security posture (they rated themselves as 7 or higher on a 1-10 scale of cyber security effectiveness). This "high-performing" group represented 48 per cent of the sample, and when compared with the "low-performing" group, it was found that:
High performers had almost 50 per cent more of their overall IT budget dedicated to security (11.8 per cent vs 8 per cent).
High performers were more likely to have their cyber security strategy aligned with their business objectives and mission.
High performers were more likely to measure the ROI of their technology investments.
High performers were 28 per cent less likely to have experienced an attack in the last 12 months that led to the loss or exposure of sensitive information.
Among both high- and low-performing groups, the technologies showing the greatest ROI were security information and event management (SIEM), identity management and authentication, and network traffic surveillance.
Paul Kerr , President and CEO of Scalar Decisions
"With the rise in frequency and severity of security threats, it's not surprising that the majority of Canadian organizations feel ill-prepared to meet IT security challenges head-on. The growth in outsourced security services highlights the fact that most organizations need to look to third-party providers in order to gain skills and personnel that they do not possess in-house."
Dr. Larry Ponemon, Chairman and Founder of Ponemon Institute
"The security practices of high-performing organizations provide guidance for other companies on how they can improve their cyber security readiness. The study highlights that organizations which adopt a strategy to prepare for, defend against, and respond to security threats are likely to fare better in the cyber security war."
About the results
All responses were captured in November 2014 via a web-based survey conducted by Ponemon Institute. The final sample was 623 surveys, completed by a sampling frame of IT and IT security practitioners located in Canada. Respondents came from a wide variety of industries, with over half of the respondents working at companies with an employee count between 250 and 5,000. The majority of respondents reported their position as at or above the supervisory level.
The full study can be downloaded at http://www.scalar.ca/security-study-2015