Canadian Security Magazine

Nine out of 10 of Canadian companies suffered a cybersecurity breach in 2017

By Canadian Security   

News Data Security annex breach canadian companies cybersecurity data breach data security scalar study

According to the 2018 Scalar Security Study (commissioned by Scalar and conducted independently by IDC Canada), Canadian organizations are attacked in varying degrees of severity more than 450 times per year, with 87 per cent suffering at least one successful breach. Almost half (46 per cent) are not confident in their ability to defend against attacks.

“As cybersecurity breaches become the new normal, organizations can’t be complacent. Many companies are still reporting gaps in their defences despite hiring full-time security staff, which may point to a deficit in the availability of highly skilled IT workers,” said Theo Van Wyk, Chief Security Architect, Scalar Decisions. “The rising number of high-impact breaches coincides with the increasing costs of recovery.”

The study, examining the cybersecurity readiness of Canadian organizations and year-over-year trends in handling and managing growing cyber threats, also found:

• Of the companies that suffered a security breach, 47 per cent had sensitive data stolen
• One in five breaches were classified as “high impact,” where sensitive customer or employee information was exposed
• 36 per cent of respondents are not confident in their company’s ability to respond to security breaches
• The average company spends $3.7 million in direct and indirect costs to recover from security breaches
• One-fifth of smaller organizations believe they don’t have enough resources to effectively defend against attacks
• Firms dedicate about 10 per cent of their IT budgets to security spending
• A majority of respondents do not train employees to identify attacks, such as phishing scams, or to update software with the latest security measures
• Almost three-quarters of respondents don’t comprehensively analyze how third-party relationships effect their overall cybersecurity planning

“Canadian companies are getting better at prioritizing cybersecurity, but there is still a substantial lack of training and planning,” added Van Wyk. “Organizations need to look beyond their infrastructure and weigh the insider and third-party risks they face. If this can’t be tackled in-house, then external expertise is an efficient way to shore up their defences.”

All responses for the study were captured in November and December 2017 by IDC Canada through a Canada-wide cross-industry survey of 421 IT security and risk & compliance professionals.

Print this page


Stories continue below