Investment in cyber security up 82 per cent: PwC

The survey shows that investment in safeguards against cyber security threats has increased by 82 per cent year-over-year, but it still accounts for an average of only five per cent of overall IT (information technology) spending.

Survey respondents stated that there was a 160 per cent increase in detected security incidents in 2015, compared with the previous year. And this upward trend is expected to continue.

Because of the impact cyber security attacks can have on the overall health of a company and a brand, boards are playing an increasingly significant role in informing the development of cyber security strategies, says PwC. In fact, this year’s report found that 50 per cent of Canadian companies surveyed indicated that their board participates in defining their organization’s security budgets, compared to only 25 per cent in 2014.

“Overall, the Canadian data provides solid evidence that Canadian companies are taking steps towards mitigating cyber attacks but the threat is still very real,” said Richard Wilson, partner, cyber security and privacy practice, PwC Canada. “Canadian business and public sector leaders need to better understand the full range of impacts a cyber security breach can have on their organizations. This issue has evolved far beyond data loss. Beyond financial and reputational damages, we are seeing impacts to competitiveness, product and service quality, employee retention, and the health and safety of both employees and the public.”

There are three areas where public and private sector organizations are heavily investing in cyber security right now,” said David Craig, partner, cyber security and privacy practice, PwC Canada. “Solutions to manage how employees, customers and third parties access and use data, outsourced Managed Security Services to monitor and detect security events more efficiently, and data privacy compliance in anticipation of mandatory breach notifications.”

According to the GSISS report, harnessing the power of cloud-based cyber security as a viable tool in Canada has led companies to greater productivity such as streamlined monitoring, advanced authentication, and threat intelligence. Overall, Canadian companies surveyed matched their global counterparts on the adoption of cloud-based cyber security services.

Additional findings from this year’s report include:
Evolving cyber security roles: 50 per cent of respondents have a CISO (chief information security officer) in charge of the security program.

Investing in insurance: Technically adept adversaries will always find new ways to circumvent security safeguards. That’s why many businesses (59 per cent) are purchasing cyber security insurance to help mitigate the financial impact of cybercrimes when they do occur.

Threats at home and abroad: Incidents attributed to foreign nation-states increased the most (up 67 per cent YoY) while current or recent employees continue to be the most cited source of incidents (66 per cent).

To explore the Canadian insights emerging from this year’s survey please visit: www.pwc.com/ca/gsiss.

To help executives better understand how to assign resources and protect companies, PwC Canada is launching Game of Threats™, a digital game that simulates the speed and complexity of real-world cyber breaches. Using gaming theory, the interactive game replicates real-world challenges faced by companies on a daily basis. Users will learn about different threats, identify reputational, operational, financial and regulatory impacts as well as understand what can be done to prevent an attack.