December 3, 2015 by Canadian Underwriter
Just one in five Canadian companies taking part in a recent Deloitte Canada survey report being prepared to effectively respond to a cyber attack.
The survey – results of which are detailed in Navigating a harsh cyber security landscape – involves input from information technology leaders from 100-plus Canadian businesses representing all major sectors of the Canadian economy.
The results indicate some positives, suggests a press release issued Thursday by Deloitte Canada. For example, the majority of Canadian companies surveyed report they consider themselves to be prepared for a cyber attack.
But now for the bad: just 36% of respondents say their businesses have in place effective procedures and technologies to protect critical assets, and only about a tenth of companies polled have a high level of preparedness in the face of cyber threats (secure, vigilant and resilient procedures are in place), the company statement adds.
“Cyber threats are becoming increasingly common as attackers fine-tune strategies and tactics to avoid detection. Yet many Canadian companies have not prepared for a cyber attack – and they don’t even know it,” Nick Galletto, Partner, Deloitte Cyber Risk Services Leader for the Americas and Canada, says in the press release.
Calling the lack of preparedness “very concerning,” Galletto explains that companies “are not ready face numerous cyber risks, including advanced persistent threats, where a system is secretly infiltrated by cyber entities that remain behind the company’s walls gathering information. This kind of attack can go on for months and years if a company is unsuspecting and result in significant, expensive and brand-damaging data security and privacy breaches.”
Among the better-prepared companies, Deloitte Canada reports the majority work with a managed security service provider, or MSSP. That said, fewer than half of Canadian companies surveyed have partnerships like this.
“MSSP clients were more likely to have defined cyber resiliency processes, test their preparedness through cyber drills, monitor cyber chatter about their brand, products, and what’s being said about their environment,” Deloitte Canada notes.
Making the right investment in people, technology and processes can help not only to identify cyber threats, but also to recover from an attack, Galletto says. Noting that these kinds of companies show proactive threat management, “they are vigilant, they learn from their experience, and the experience of others, so they can become more resilient,” he continues.
Other survey results include the following:
Deloitte Canada recommends that businesses looking to bolster their cyber preparedness do the following:
Have your say: