The 2016 Canadian edition of PwC’s Global State of Information Security Survey 2016 reveals that while Canadian companies match their global counterparts on the adoption of cloud-based cybersecurity services, detected cybersecurity incidents in Canada nonetheless increased dramatically.
While it’s encouraging that Canadian business spending on safeguarding against cybersecurity threats has increased by 82% year over year, that increase is outpaced by the spike in incidents, and still represents only 5% of total spending on Information Technology.
Reading through the statistical categories, it is encouraging that Canada outperforms the global average on several key fronts, such as employee training and awareness and active security monitoring analysis.
Even so, the report sees five key areas for improvement: 1) Organizational boards or leaders don’t always see the link between cybersecurity & performance 2) Poor visibility of the full range of cybersecurity threats and impacts that may harm their organization 3) Organizations don’t identify their most valuable assets and/or don’t specify who or where they may be accessed 4) Leaders view cybersecurity as an IT issue, versus a business issue and 5) implementing “single layer” cybersecurity defenses (e.g. just firewalls), versus a multilayer strategy.
“Overall, the Canadian data provides solid evidence that Canadian companies are taking steps towards mitigating cyberattacks but the threat is still very real,” said Richard Wilson, Partner, Cybersecurity & Privacy Practice, PwC Canada. “Canadian business and public sector leaders need to better understand the full range of impacts a cybersecurity breach can have on their organizations. This issue has evolved far beyond data loss. Beyond financial and reputational damages, we are seeing impacts to competitiveness, product and service quality, employee retention, and the health and safety of both employees and the public.”
The widespread use of cloud-based services over the past few years has obviously led companies around the world to greater business productivity, as well as cloud-based cybersecurity improvements including more streamlined monitoring, better authentication and improved threat intelligence.
One interesting stat from the report finds that board participation in the development of cybersecurity strategies has increased from 25% in 2014 to 50% this past year, perhaps signalling that companies are taking these threats increasingly seriously at the board level.
That makes sense, given that a publicized security breach can not just harm a brand’s image, but outright threaten to destroy it in the mind of the public.
The optics around cyber-breaches are so real that most security breaches are never even made public.
To strengthen awareness of the threat posed by cybersecurity risk, PwC has launched “Game of Threats”, an “exclusive digital simulation” mean to educate leaders and employees on cybersecurity.
The interactive game replicates real-world threats, with the intention of identifying reputational, operational, financial and regulatory impacts faced by companies that have been infiltrated by a malicious actor.