Canadian Security Magazine

60% of Canadian businesses don’t have a security strategy: report

By Canadian Security   

News Data Security cisco cyber attack network security

According to new research from Cisco, Canadian businesses are not equipped to respond to security threats within their networks. The study, which combines the views of Canadian businesses and consumers about security at work, also found there are discrepancies between the preparedness of large and small businesses.

Respondents were asked questions about security policies, practices and recent cyber-attacks at their business, including their security preparedness for new IT consumption models such as mobile and cloud-based applications.

Cisco’s findings indicate many Canadian businesses operate without any security strategy for their network, leaving them woefully underprepared to take advantage of new opportunities created by the Internet of Everything (IoE) and making them highly susceptible to threats such as data loss or theft.

With IoE driving the connection of people, processes, data, and things, the number and type of attack vectors will continue to increase exponentially, driving the mandate that security must become top of mind for businesses in today’s connected world.

Key Findings


Canadian businesses are unprepared for future security threats.

· 6 out of 10 businesses either do not have a security strategy in place, and/or are unsure whether their security strategy accounts for an evolving data centre and IT consumption model, or do not have a strategy to prepare for these changes.
· Nearly one in 10 (8%) of Canadian businesses overall are still unsure whether they experienced a security threat, attack or breach on their network in the last 12 months.
· 15% of Canadian businesses still do not have a security strategy in place.
· 1 in 5 (22%) Canadian businesses report they have experienced a threat, attack or breach in the last 12 months.
· Canadian businesses with less than 100 employees are the most likely to not have a security strategy (26%), while mid-sized businesses are the least likely to have a strategy in place for changing IT consumption models (25%).
· One in three (31%) of Canada’s largest companies are unsure whether their IT security strategy accounts for evolving data centre and IT consumption models.

Canadian businesses are slow to protect company data on employee-owned devices.

· Less than 60% of Canadian businesses have IT solutions in place to protect company data on employee-owned devices.
· Nearly a quarter (24%) of employed Canadians use a personal device for work despite being employed by a company that does not allow this practice. Another 11% do so without knowing if it is allowed by their employer or not.
· The Canadian businesses most prepared to protect company data on employee-owned devices are those with more than 1000 employees (64%). Those least prepared are businesses with less than 100 employees (44%).
· Almost half (48%) of employed Canadians believe they are allowed to bring and use personal devices on the corporate network, while 57% of Canadian businesses believe they have IT solutions in place to protect data on employee-devices.

“It’s concerning  to see such overall confusion about security today, especially given all the new connections between people, processes, data, and things, but the good news is Canadian businesses have the right knowledge to make changes to their current predicament, and realize the value of the Internet of Everything,” says Ahmed Etman, General Manager of Cyber Security, Cisco Canada. “Our findings indicate 95% of Canadian businesses know whether or not they protect company data on employee-owned devices. The challenge now becomes changing security practices so they have the right level of protection for our connected world.”

“What is troubling for Canadian businesses is that these results only represent known breaches and attacks, so it brings up the possibility that small, mid-size and even public sector organizations are actually experiencing more breaches and attacks than enterprises, but they are less aware,” say Warren Shiau, Director, Buyer Behaviour Research Practice, IDC Canada.

About the results
Data compiled through two online surveys conducted by IDC Canada over the months of August and September 2014, with a representative sample of 2,000 Canadians, aged 18 years and older, and a sample of 498 Canadian organizations across sectors and business sizes.

Print this page


Stories continue below


Leave a Reply

Your email address will not be published. Required fields are marked *