EY’s Global Information Security Survey has found that just 43 per cent of Canadian companies would be capable of detecting a sophisticated cybersecurity incident. This puts Canada below the global average of 50 per cent.

In an announcement about the survey results published this week, Abhay Raman, EY’s (Ernst & Young) Canadian Security Leader, said that while companies have stepped up their cyber efforts in the last few years, there remains a gap. “Creating a robust cybersecurity program is a long, focused process, and many companies haven't taken that step. That's why 72 per cent of our survey's respondents said they need up to 50 per cent more budget for their cyber needs.”

Financial impact of significant breaches

Raman added, "Only 6% of organizations evaluate the financial impact of every significant breach. If companies can't paint a picture of how much a cyber-attack dented their bottom line, it's difficult to make a case for greater investment. Evaluating impact is paramount."

When a significant breach occurs, firms need to be cyber-resilient and recover as rapidly as soon as possible, says EY. Fifty-two per cent of survey respondents indicated business continuity management to be a top priority along with data leakage and data loss prevention.

Phishing incidents

The main reason for breaches is end user awareness (43 per cent of incidents). This is usually related to employees falling for phishing – malicious emails that seem legitimate, which can enable cyber criminals to access internal systems. Other causes are poorly secured internet facing systems and outdated systems.

The Internet of Things

The Internet of Things (IoT) is viewed as becoming an essential element of business technology. However, the EY survey found that adoption of connected devices in being stalled by a lack of skilled resources, a lack of executive awareness or support, and budget constraints.