Canadian Underwriter
News

Canada fourth largest cyber security hub in world, Ontario has potential to assume leading role


October 19, 2016   by Canadian Underwriter


Print this page

More investment and co-ordination is needed if Ontario – which offers strengths in financial services and technology – is to realize its potential to assume a more dominant leadership role in cyber security, notes a new report issued Thursday.

Commissioned by the Ontario Centres of Excellence (OCE) and the Toronto Financial Services Alliance (TFSA), Harnessing the Cybersecurity Opportunity for Growth: Cybersecurity innovation & the financial services industry in Ontario was produced by Deloitte LLP.

Report findings are based on primary and secondary research, including interviews with 11 cyber security leaders from Ontario’s financial services institutions, and unstructured interviews with representatives from key ecosystem actors such as incubators, accelerators, venture capitalists, industry organizations, academics and former cyber security start-up executives.

Canada is the world’s fourth largest innovation hub for cyber security, notes a statement from TFSA, a public/private partnership between governments and the financial industry dedicated to enhancing and promoting the Toronto region.

Canada’s ranking – based on venture capital deals in the cyber security sector – positions it after just the United States, Israel and the United Kingdom.

That said, Ontario offers promise that it can assume a more dominant leadership role in cyber security if it takes immediate steps to seize the opportunity and is supported by additional investment and co-ordination, the report maintains.

Deloitte’s World Economic Forum’s Global Risk 2016 report identifies cyber security risk as one of the top commercial risks, along with geopolitics, the environment and the economy. “Emergent from this heightened risk landscape, however, is opportunity,” the latest report states.

Related: One in five risk managers surveyed not sure whether their cyber insurance policy covers data in cloud servers: RIMS

Ontario needs to strengthen its cyber security innovation ecosystem, with a focus on the financial services industry, as well as establish a leadership position in a globally competitive environment, the report concludes.

However, the province must move quickly since other jurisdictions around the world are poised to step into the breach. Should Ontario not move quickly, it risks “losing substantive benefits, including high-skilled jobs, long-term security and overall economic prosperity,” cautions the TFSA statement.

“Ontario has all the ingredients to become a global hub for cyber security innovation, but has not yet reached the scale and gravity necessary to compete at the highest levels,” the report concludes.

Deloitte’s “analysis identified a number of areas of strength and friction within Ontario’s cyber security innovation ecosystem on which to build and solve for.” These include the following:

  • the future of innovation in the financial services industry is intimately linked to cyber security creating opportunities for shared growth;
  • Ontario has no single centre of gravity, co-ordination or systemic catalyst to bring together its organically developed clusters of cyber security innovation;
  • there is limited collaboration on applying Ontario’s research and development strengths in related fields to cyber security problems; and
  • a historically sound regulatory environment has potentially led to a risk-averse approach to innovation for the financial services industry.

Ontario is well-positioned to access some of the largest domestic and international cyber security markets and sources of capital, the report points out.

Despite that, “a lack of visibility, a limited culture of ‘buying Canadian’ and a relatively risk-averse domestic client base has historically hindered this potential advantage for cyber security innovators in Ontario,” the report contends.

Beyond such factors is the influence of how attacks are changing. “The traditional network perimeter, which offered a clear boundary for protection, is becoming blurred due to the rise of IoT, mobile and cloud-based channels. This, in turn, is increasing the importance of protecting individual end-points,” it notes.

“With the assumption that attackers will breach the perimeter, protecting the end-point becomes more critical,” the report contends.

“As attackers intend to keep a low profile, it is also essential to develop advanced threat intelligence and detection capabilities,” it attacks.

Cyber security poses risks to all businesses, but particularly to the financial services industry, TFSA president and CEO Janet Ecker says in the statement.

Because Canada’s financial industry is headquartered in the Toronto-Waterloo innovation corridor, “this presents a huge opportunity to build capacity to support the financial industry and to generate economic growth,” Ecker maintains.

“We have already established significant clusters of cyber security innovation. What’s needed now is the co-ordination and focused support that will take this to a new level of global competitiveness,” says OCE president and CEO Tom Corr.

Within the financial services industry, “cyber security is an increasingly important operational risk, critical to maintaining customer privacy, securing the transfer of value, and the trusted reputation on which the financial system relies.”

Given the high-trust requirements of the financial industry, “cyber security must be part of the core functionality of emerging fintech solutions,” the report points out.

“We posit that the futures of fintech and cyber security innovation are tightly linked and contribute to the backdrop of the social, economic and technological trends shaping cyber security innovation in the financial industry.”

Related: InsurTechs driving disruptive innovation in insurance customer engagement: U.S. report

Ontario represents a significant portion of Canada’s cyber security deal flow, with more than 50 deals and about $244 million in capital invested between 2011 and 2015, the report notes.

“Deal activity, however, has not grown at the pace of other cyber security hubs around the world. Cyber security venture capital funding in the U.K. surpassed Ontario for the first time in 2015, both in terms of total capital invested and deal count,” it adds.

“Current estimates place the size of the global cyber security market at $106 billion in 2015, and predict an average compound annual growth rate of approximately 10% through 2020,” states the report.

“At the same time, the global costs of cyber crime are estimated to be growing even faster,” it notes, adding that some analysts (though higher than the consensus estimates) are projecting the market will exceed $1 trillion by 2021.

North America and Europe are the current (2016) and foreseeable top buyers, with the Asia-Pacific region rapidly emerging as a key cyber security market.

Looking at Canada specifically, the report notes some analysts posit that cyber security spending is set to exceed $2 billion in 2016.

“Financial services firms allocate one of the highest dollar amounts to cyber security as a percentage of overall IT spend, second only to national governments,” the report points out. This translates to the average financial institution spending about $980 per employee on cyber security in 2016.

Access and identification (up 88%), advanced malware protection (up 80%) and end-point protection (up 75%) are the cyber security technologies poised for the highest growth globally and across industries.

“These investment priorities are largely echoed by the responses to our survey of Canadian financial services industry cyber security leaders who cite training and awareness, identity and access management, and cloud and mobile security as the top domains for increased investment over the next two to five years.”

Deloitte’s strategic recommendations are as follows:

  • form a cyber security innovation platform and hub;
  • develop a co-ordinated talent strategy;
  • foster research, development and investment in areas of strength; and
  • augment policy and regulatory support for cyber security innovation.