Many Canadian businesses won’t boost IT security budgets despite rising cyber threats

EY survey reveals cyber threats on the rise, but 42% of Canadian businesses have no plans to boost IT security budgets in 2015

Toronto, ON (Nov. 19, 2014) – While 92% of Canadian organizations say they are facing rising threats in their information security risk environment, 42% say their information security budgets will remain the same or decrease in 2015, according to EY’s annual Global Information Security survey, Get Ahead of Cybercrime.

Further, the survey shows that 54% of Canadian respondents say it’s “highly unlikely” or “unlikely” that their organization would be able to detect a sophisticated cyber attack. The survey also reveals that budget constraints aren’t the only hurdle: a lack of skilled resources is the main challenge in combating cyber threats for 57% of Canadian survey respondents.

“Clearly, this situation is not sustainable in the medium to long term,” says Ga�tan Houle, National IT Security Practice Leader at EY. “Organizations need to find a way to increase their resilience to cyber attacks with the same amount of financial and personnel resources. Support from Managed Security Services Providers (MSSP) could be an option to consider for several small to medium companies.”

The new trend of migrating the management or monitoring of IT security infrastructure to an MSSP is a move that can offer a sustainable security management framework in the long run. MSSPs offer services ranging from basic hosting to a full outsourced security operations center.

According to EY, the migration to an MSSP should include all aspects of managing the transition from the current to the future state. Focus areas are:

  • Scoping what needs to be managed by an MSSP;
  • Establishing realistic service level agreements;
  • Negotiating a flexible contract with the MSSP that will adapt to changing threats;
  • Integrating your incident response process with the MSSP’s;
  • Generating security metrics to measure the effectiveness of services provided by the MSSP.

“To get ahead of cybercrime, organizations need to embrace cybersecurity as a core competitive capability,” says Houle. “This requires keeping the organization in a constant state of readiness, adding capabilities before they’re needed and preparing for threats before they arise.”

Houle concludes: “The question now is no longer: can you afford an MSSP? Companies should be considering: can you afford all the security needed to protect against new cyber threats?”

For further information and to download the 2014 report, visit

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY is proudly celebrating 150 years in Canada. For more information, please visit

EY refers to the global organization and may refer to one or more of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit