According to PricewaterhouseCoopers’ (PwC) most recent Global State of Information Security Survey, Canadian companies are implementing comprehensive and integrated safeguards against cyber attacks.
However, although investments aimed at protecting against cyber attacks have increased by 82% compared to the same period last year, on average they only represent 5% of all spending on information technology.
"Overall, the Canadian data provides solid evidence that Canadian companies are taking steps towards mitigating cyber attacks but the threat is still very real," says Richard Wilson, partner in PwC Canada's cybersecurity and privacy practice.
50% of companies employ a chief of security
"Canadian business and public sector leaders need to better understand the full range of impacts a cybersecurity breach can have on their organizations. This issue has evolved far beyond data loss. Beyond financial and reputational damages, we are seeing impacts to competitiveness, product and service quality, employee retention, and the health and safety of both employees and the public," says Wilson.
This year's report also highlights how the roles related to cybersecurity have evolved: 50% of companies surveyed indicated that they employ a Chief Information Security Officer to manage their security program.
What's more, many companies (59%) say they have taken out insurance coverage to mitigate the financial consequences of cyber crime, given that there will always be technically adept adversaries who are able to get around cybersecurity measures.
Three areas of investment
Finally, the report notes that threats are both local and international: incidents emanating from other countries saw the largest increase (up 67% over last year), but the most frequently cited source of incidents remains current or recent employees (66%).
"There are 3 areas where public and private sector organizations are heavily investing in cybersecurity right now," says David Craig, another partner in PwC Canada's cybersecurity and privacy practice. "Solutions to manage how employees, customers and third parties access and use data, outsourced managed security services to monitor and detect security events more efficiently, and data privacy compliance in anticipation of mandatory breach notifications."