THE CYBER SECURITY READINESS OF CANADIAN ORGANIZATIONS Results of the 2015 Scalar Security Study Research independently conducted by Ponemon Institute Published February 2015

www.scalar.ca

WE WANTED TO KNOW: o  HOW PREPARED DO CANADIAN ORGANIZATIONS FEEL TO

RESPOND TO CYBER SECURITY ATTACKS? o WHAT IS THE AVERAGE COST OF ATTACKS ON CANADIAN

ORGANIZATIONS? o WHAT STRATEGIES AND TECHNOLOGIES ARE MOST

EFFECTIVE IN COMBATTING SECURITY ATTACKS? o WHICH ORGANIZATIONS ARE MOST PREPARED TO DEAL

WITH AN ATTACK, AND HOW DO THEY DIFFER FROM ORGANIZATIONS WHICH ARE UNPREPARED?

WE RECEIVED RESPONSES FROM OVER 600 IT AND IT SECURITY PRACTITIONERS, FROM A VARIETY OF INDUSTRIES, WITH OVER HALF COMING FROM ORGANIZATIONS WITH AN EMPLOYEE COUNT BETWEEN 250 AND 5,000

KEY

FINDINGS

ONLY

41 % OF RESPONDENTS BELIEVE THEY ARE WINNING THE CYBER SECURITY WAR

CHALLENGES TO ACHIEVING

CYBER SECURITY EFFECTIVENESS: o LACK OF IN-HOUSE EXPERTISE o LACK OF COLLABORATION WITH OTHER

FUNCTIONS o  INSUFFICIENT PERSONNEL o LACK OF CLEAR LEADERSHIP o  INSUFFICIENT BUDGET

ORGANIZATIONS IN CANADA EXPERIENCE AN AVERAGE OF

CYBER ATTACKS PER YEAR

34

46% OF RESPONDENTS EXPERIENCED AN

ATTACK IN THE LAST 12 MONTHS WHICH

LED TO THE LOSS OR EXPOSURE OF

SENSITIVE INFORMATION

EACH INCIDENT COSTS AN AVERAGE OF

$208, 432 IN

$19,883  

$29,035  

$38,310  

$45,177  

$76,087  DAMAGE  TO  REPUTATION  AND  MARKETPLACE  IMAGE  

DAMAGE  OR  THEFT  OF  IT  ASSETS  AND  INFRASTRUCTURE  

DISRUPTION  TO  NORMAL  OPERATIONS  

LOST  USER  PRODUCTIVITY  

CLEANUP  OR  REMEDIATION  

HOWEVER,

IT’S NOT ALL BAD NEWS. OUR RESEARCH FOUND THAT ORGANIZATIONS CAN TAKE DEFINITIVE STEPS TO ACHIEVE A STRONGER SECURITY POSTURE…

OUR RESEARCH IDENTIFIED A SUBSET OF THE SAMPLE THAT SELF-REPORTED THEY HAD

ACHIEVED A MORE EFFECTIVE CYBER SECURITY POSTURE (THEY RATED THEMSELVES AS 7 OR

HIGHER ON A 1-10 SCALE OF CYBER SECURITY EFFECTIVENESS). THIS “HIGH-PERFORMING”

GROUP REPRESENTED 48 PERCENT OF THE SAMPLE, AND WE COMPARED THEIR

BEHAVIOURS WITH THE REMAINING 52 PERCENT OF THE SAMPLE, THE “LOW

PERFORMERS”…

HIGH-PERFORMING ORGANIZATIONS: o ARE MORE AWARE OF THE THREAT

LANDSCAPE o HAVE A HIGHER PERCENTAGE OF THEIR

IT BUDGET DEDICATED TO SECURITY o  INVEST IN CUTTING EDGE

TECHNOLOGIES o MEASURE THE ROI OF THOSE

TECHNOLOGIES o AND HAVE A SECURITY STRATEGY THAT

IS ALIGNED WITH THEIR BUSINESS OBJECTIVES AND MISSION

THESE HIGH PERFORMING

ORGANIZATIONS ARE

28% LESS LIKELY THAN LOW-

PERFORMERS TO HAVE EXPERIENCED

AN ATTACK IN THE LAST YEAR THAT INVOLVED THE LOSS

OR EXPOSURE OF SENSITIVE INFORMATION

SOME OF THE SECURITY TECHNOLOGIES SHOWING THE HIGHEST ROI:  

25%  

26%  

29%  

44%  

38%  

43%  

35%  

41%  

42%  

48%  

53%  

58%  

ENDPOINT  SECURITY  SOLUTIONS  

NEXT-­‐GENERATION  FIREWALLS  

ENCRYPTION  FOR  DATA  AT  REST  

NETWORK  TRAFFIC  SURVEILLANCE  

IDENTITY  MANAGEMENT  &  AUTHENTICATION  

SECURITY  INFORMATION  AND  EVENT  MANAGEMENT  (SIEM)  

HIGH  PERFORMING  COMPANY   LOW  PERFORMING  COMPANY  

THE PRACTICES OF HIGH-PERFORMING ORGANIZATIONS PROVIDE GUIDANCE ON HOW ORGANIZATIONS CAN IMPROVE THEIR CYBER SECURITY EFFECTIVENESS…

PREPARE BE MORE AWARE OF THREATS AND ALIGN YOUR SECURITY STRATEGY WITH BUSINESS OBJECTIVES AND MISSION. INVEST IN A SECURITY AUDIT TO HELP YOU DO SO.

DEFEND ALLOCATE MORE OF YOUR BUDGET TO IT SECURITY, AND INVEST IN CUTTING-EDGE TECHNOLOGIES WITH HIGH ROI. PROACTIVELY RECRUIT EXPERTS TO JOIN YOUR CYBERSECURITY TEAM.

RESPOND LEVERAGE TECHNOLOGIES, PEOPLE, AND PROCESS TO QUICKLY CONTAIN THREATS AS THEY ARISE, AND CONDUCT REGULAR ANALYSIS TO IDENTIFY AREAS FOR IMPROVEMENT.

DOWNLOAD THE COMPLETE STUDY http://hubs.ly/y0tFbr0