Lack of in-house expertise is cited as the primary challenge, study reveals
Toronto, ON (Feb. 4, 2015) – According to a study newly released by Canadian IT solutions integrator Scalar Decisions, only 41 percent of Canadian organizations believe they are winning the cyber security war.
The research was conducted with over 600 IT and IT security practitioners in Canada, and found that the primary challenge respondents cited was a lack of in-house expertise. Almost half (49 percent) of respondents believed that they do not have a sufficient number of in-house personnel who have such critical qualifications as job experience, professional certifications, and specialized training.
Entitled The Cyber Security Readiness of Canadian Organizations, the study examined how prepared Canadian organizations feel to respond to security attacks, how much the average attack costs, and what strategies and technologies are most effective in combatting security attacks.
More Key Findings
Respondents experienced an average of 34 attacks in the past 12 months. On average, each incident cost $208,432 in cleanup, lost time, disrupted operations, damage or theft of IT assets, and damage to reputation.
The majority of respondents believed the frequency, sophistication, and severity of attacks had increased when compared with the previous year.
Forty-six percent of respondents experienced an incident in the last year that involved the loss or exposure of sensitive information.
Thirty-five percent of respondents said their firm experienced a loss of intellectual property or other commercially sensitive business information due to cyber attacks within the last 12 months, with 32 percent of this group believing the theft caused a loss of competitive advantage.
The research identified a subset of the sample that self-reported they had achieved a more effective cyber security posture (they rated themselves as 7 or higher on a 1-10 scale of cyber security effectiveness). This “high-performing” group represented 48 percent of the sample, and when compared with the “low-performing” group, it was found that:
- High performers had almost 50 percent more of their overall IT budget dedicated to security (11.8% vs 8%).
- High performers were more likely to have their cyber security strategy aligned with their business objectives and mission.
- High performers were more likely to measure the ROI of their technology investments.
- High performers were 28 percent less likely to have experienced an attack in the last 12 months that led to the loss or exposure of sensitive information.
Among both high- and low-performing groups, the technologies showing the greatest ROI were security information and event management (SIEM), identity management and authentication, and network traffic surveillance.
“With the rise in frequency and severity of security threats, it’s not surprising that the majority of Canadian organizations feel ill-prepared to meet IT security challenges head-on,” said Paul Kerr, President and CEO of Scalar Decisions. “The growth in outsourced security services highlights the fact that most organizations need to look to third-party providers in order to gain skills and personnel that they do not possess in-house.”
“The security practices of high-performing organizations provide guidance for other companies on how they can improve their cyber security readiness,” said Dr. Larry Ponemon, Chairman and Founder of Ponemon Institute. “The study highlights that organizations which adopt a strategy to prepare for, defend against, and respond to security threats are likely to fare better in the cyber security war.”
About the Study
All responses were captured in November 2014 via a web-based survey conducted by Ponemon Institute. The final sample was 623 surveys, completed by a sampling frame of IT and IT security practitioners located in Canada. Respondents came from a wide variety of industries, with over half of the respondents working at companies with an employee count between 250 and 5,000. The majority of respondents reported their position as at or above the supervisory level.
The full study can be downloaded from Scalar Decisions: The Cyber Security Readiness of Canadian Organizations.
About Scalar Decisions
Scalar is Canada’s leading IT solutions integrator, focused on infrastructure, security, and cloud. Founded in 2004, Scalar has six offices across Canada. For the past five years, Scalar has been ranked on the PROFIT list of the fastest-growing companies in Canada, and in 2014 was ranked #1 on the Branham300 list of the Top 10 Canadian ICT Security Companies. Scalar is an official supplier to the TORONTO 2015 PanAm/Parapan Am Games for IT security, data centre integration, and managed storage services. For further information, please visit www.scalar.ca.
About Ponemon Institute
Dr. Larry Ponemon is chairman and founder of Ponemon Institute. Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government.