Faith in cyber security readiness is dropping

The primary challenges cited as contributing factors were insufficient numbers of in-house personnel and lack of in-house expertise.

The Cyber Security Readiness of Canadian Organizations, conducted with Canadian IT and IT security practitioners, also found the majority of respondents believed that cyber security crimes in their organizations are increasing in severity (80 per cent), sophistication (71 per cent) and frequency (70 per cent).

“IT leaders are feeling less equipped to handle the changing landscape of cyber crime,” said Ryan Wilson, chief technology officer, security, Scalar Decisions. “The year-over-year increase in cyber attacks coupled with an increase in their severity and complexity highlights the need for specialized, trained IT professionals with the tools and proficiency to provide effective security to Canada’s companies.”

Cyber security compromises are costly. Loss of intellectual property was experienced by 33 per cent of respondents in the last 24 months and 36 per cent believed it caused a loss of competitive advantage. According to responses, the average total cost of cyber attacks in the last 12 months was approximately $7 million per organization.

Cyber security spend has increased slightly from last year, with an average of 11 per cent of the IT budget dedicated to information security (versus 10 per cent in 2015).

Commissioned by Scalar and independently conducted by the Ponemon Institute, the study examined the cyber security readiness of Canadian organizations and year-over-year trends in handling and managing growing cyber threats. On average, respondents reported an average of 40 cyber attacks per year, a 17 per cent increase over last year’s report.

Despite the high number of attacks, only 38 per cent of respondents indicated their organization had systems in control to deal with advanced persistent threats (“APTs”). Overall, the greatest threat to IT networks was reported to be web-borne malware attacks, with 80 per cent pointing to this risk as the most frequent security compromise, followed by rootkits (65%).

The research also identified a subset of the sample that self-reported to have achieved a more effective cyber security posture. This “high performing” group represented 53 per cent of the sample, and when compared with the “low performing” group, it was found that high performers spend 43 per cent more of their IT budget on information security and were more likely to have their cyber security strategy fully aligned with their organization’s business objectives and mission. Relatedly, high performers were 28 per cent more confident that they are winning the cyber security war.

“A strong security posture is dependent on key factors such as awareness of the threat landscape and the collection and analysis of threat intelligence,” added Wilson. “Technologies such as network traffic surveillance and security information and event management, in combination with a full integration of cyber security strategy within business objectives contribute to an effective end-to-end security program and help organizations achieve the highest return on their IT security spend.”

All responses were captured in October 2015 via a web-based survey conducted by Ponemon Institute. The final sample was 654 respondents from a sampling frame of IT and IT security practitioners located in Canada. Respondents came from a wide variety of industries, with almost two thirds working at companies with an employee count between 251 and 5,000. The majority of respondents reported their position as at or above the supervisory level.

The full study can be downloaded at here.