Investments in cybersecurity by Canadian enterprises increased 82 percent year over year, but incidents increased by twice that over the same period, according to research released Wednesday by PwC .The Global State of Information Security (GSIS) Survey 2016 indicates a gap in executive understanding of the threat landscape, and PwC has launched a cyber breach simulation “Game of Threats” to bridge the gap with education.
Despite the increase in cybersecurity spending, it represents only 5 percent of overall IT spending. The number of Canadian companies indicating board-level involvement in security budgets doubled to 50 percent in 2015, and the same number employ a Chief Information Security Officer. CISO employment was the only safeguard the survey found was less common in Canada than globally, while Canadian companies are a little more likely than the global average to have an overall information security strategy or active monitoring analysis of security intelligence.
“Canadian business and public sector leaders need to better understand the full range of impacts a cybersecurity breach can have on their organizations,” Richard Wilson, Partner, Cybersecurity & Privacy Practice, PwC Canada said in a statement. “This issue has evolved far beyond data loss. Beyond financial and reputational damages, we are seeing impacts to competitiveness, product and service quality, employee retention, and the health and safety of both employees and the public.”
Cybersecurity insurance coverage grew to 59 percent of companies in 2015, the survey says, while 54 percent now use big data security analytics, and use of cloud-based security services has grown to 64 percent, roughly matching global averages for cloud security services.
“There are 3 areas where public and private sector organizations are heavily investing in cybersecurity right now,” said David Craig, Partner, Cybersecurity & Privacy Practice, PwC Canada. “Solutions to manage how employees, customers and third parties access and use data, outsourced Managed Security Services to monitor and detect security events more efficiently, and data privacy compliance in anticipation of mandatory breach notifications.”
Microsoft CEO Satya Nadella told a Toronto audience in November that a holistic approach is necessary to secure networks, which the GSIS Survey 2016 says Canadian companies are taking steps towards.