Only 43% of Canadian firms could detect a sophisticated cyber-attack

EY survey shows most companies don't know the financial impact of breaches.

As the frequency and scale of cyber-attacks show no signs of abating, the majority of Canadian companies still wouldn’t be able to detect a sophisticated breach. According to EY’s Global Information Security Survey, only 43% of Canadian companies could spot a significant cybersecurity incident, compared to 50% globally.

“Organizations have stepped up their cyber efforts in the last few years, but these results still point to a gap,” says Abhay Raman, EY’s Canadian Cybersecurity Leader. “Creating a robust cybersecurity program is a long, focused process, and many companies haven’t taken that step. That’s why 72% of our survey’s respondents said they need up to 50% more budget for their cyber needs.”

Raman adds, “Only 6% of organizations evaluate the financial impact of every significant breach. If companies can’t paint a picture of how much a cyber-attack dented their bottom line, it’s difficult to make a case for greater investment. Evaluating impact is paramount.”

As organizations progress in their cyber security journey, they’re turning their attention to being cyber-resilient. When a significant cyber breach occurs, a business needs to recover and get back up on its feet as soon as possible. Over half (52%) of Canadian respondents rated business continuity management as one of their top priorities, alongside data leakage and data loss prevention.

Top reasons for breaches

In the survey, end user awareness emerged as the top control failure that led to a breach. This weakness is primarily exploited through phishing, where company employees engage with malicious emails disguised as authentic. In the process, they unknowingly let the attackers access internal systems.

The top control or process failures that led to the most significant cyber breach last year:

  • End user awareness, exploited via phishing (43%)
  • Poorly secured internet-facing systems and/or applications (11%)
  • Outdated/unpatched systems (8%)

The Internet of Things, or IoT is leading change in the digital landscape, and it’s fast becoming the must-have element of business technology. However, the lack of skilled resources and executive support are hampering the wider adoption of connected devices.

“Connected devices could bring a new business opportunities, business revenue growth and cost reductions,” says Raman. “Especially in our slow-growth economy, businesses should invest in the right talent and internal awareness to increase their competitiveness through IoT.”

According to EY’s survey, the main obstacles that need to be overcome to enable the wider adoption of IoT devices are:

  • Lack of skilled resources (43%)
  • Lack of executive awareness or support (43%)
  • Budget constraints (32%)
Copyright © 2017 Transcontinental Media G.P.
Transcontinental Media G.P.