Canadian companies face almost constant cyber security threats, resulting in a rising number of incidents where sensitive data is stolen, according to the findings of a new study from Scalar Decisions.
The 2018 Scalar Security Study showed that Canadian organisations are attacked in varying degrees of severity more than 450 times per year, with 87% suffering at least one successful breach. Almost half (46%) are not confident in their ability to defend against attacks, and the majority of respondents do not train employees to identify attacks, such as phishing scams, or to update software with the latest security measures.
“As cyber security breaches become the new normal, organisations can’t be complacent. Many companies are still reporting gaps in their defences despite hiring full-time security staff, which may point to a deficit in the availability of highly skilled IT workers,” said Theo Van Wyk, Chief Security Architect at Scalar Decisions. “The rising number of high-impact breaches coincides with the increasing costs of recovery.”
The study, examining the cyber security readiness of Canadian organisations and year-over-year trends in handling and managing growing cyber threats, also found that, of the companies that suffered a security breach, 47% had sensitive data stolen, with one-in-five breaches being classified as ‘high-impact’ where sensitive customer or employee information was exposed. Over a third (36%) of respondents stated they were not confident in their company’s ability to respond to security breaches.
The average company spends CAD$3.7 million in direct and indirect costs to recover from security breaches, and one-fifth of smaller organisations believe they don’t have enough resources to effectively defend against attacks. Firms dedicate about 10% of their IT budgets to security spending.Scalar
“Canadian companies are getting better at prioritising cyber security, but there is still a substantial lack of training and planning,” added Van Wyk. “Organisations need to look beyond their infrastructure and weigh the insider and third-party risks they face. If this can’t be tackled in-house, then external expertise is an efficient way to shore up their defences.“