February 9, 2016
According to a study released today by Scalar Decisions Inc. only 37% of Canadian organizations believe they are winning the cyber security war, a decrease of 4% over 2015’s study. The primary challenges cited as contributing factors were insufficient numbers of in-house personnel and lack of in-house expertise.
The Cyber Security Readiness of Canadian Organizations, conducted with Canadian IT and IT security practitioners, also found the majority of respondents believed that cyber security crimes in their organizations are increasing in severity (80%), sophistication (71%) and frequency (70%).
Cyber security compromises are costly. Loss of intellectual property was experienced by 33% of respondents in the last 24 months and 36% believed it caused a loss of competitive advantage.
According to responses, the average total cost of cyber attacks in the last 12 months was approximately $7 million per organization. Cyber security spend has however increased slightly from last year, with an average of 11% of the IT budget dedicated to information security (versus 10% in 2015).
“IT leaders are feeling less equipped to handle the changing landscape of cyber crime,” said Ryan Wilson, chief technology officer, security at Scalar, an IT solutions integrator. “The year-over-year increase in cyber attacks coupled with an increase in their severity and complexity highlights the need for specialized, trained IT professionals with the tools and proficiency to provide effective security to Canada’s companies.”
Commissioned by Scalar and independently conducted by the Ponemon Institute, the study examined the cyber security readiness of Canadian organizations and year-over-year trends in handling and managing growing cyber threats. On average, respondents reported an average of 40 cyber attacks per year, a 17% increase over last year’s report. Despite the high number of attacks, only 38% of respondents indicated their organization had systems in control to deal with advanced persistent threats (“APTs”).
Overall, the greatest threat to IT networks was reported to be Web-borne malware attacks, with 80% pointing to this risk as the most frequent security compromise, followed by rootkits (65%).
The research also identified a subset of the sample that self-reported to have achieved a more effective cyber security posture. This “high performing” group represented 53% of the sample, and when compared with the “low performing” group, it was found that high performers spend 43% more of their IT budget on information security and were more likely to have their cyber security strategy fully aligned with their organization’s business objectives and mission.
Relatedly, high performers were 28% more confident that they are winning the cyber security war.
“A strong security posture is dependent on key factors such as awareness of the threat landscape and the collection and analysis of threat intelligence,” said Wilson. “Technologies such as network traffic surveillance and security information and event management, in combination with a full integration of cyber security strategy within business objectives contribute to an effective end-to-end security program and help organizations achieve the highest return on their IT security spend.”
The full study can be downloaded at http://www.scalar.ca/security-study-2016