THE CYBER SECURITY READINESS OF CANADIAN ORGANIZATIONS
Results of the 2015 Scalar Security Study
Research independently conducted by Ponemon Institute
Published February 2015
www.scalar.ca
WE WANTED TO KNOW:
o HOW PREPARED DO CANADIAN ORGANIZATIONS FEEL TO RESPOND TO CYBER SECURITY ATTACKS?
o WHAT IS THE AVERAGE COST OF ATTACKS ON CANADIAN ORGANIZATIONS?
o WHAT STRATEGIES AND TECHNOLOGIES ARE MOST EFFECTIVE IN COMBATTING SECURITY ATTACKS?
o WHICH ORGANIZATIONS ARE MOST PREPARED TO DEAL WITH AN ATTACK, AND HOW DO THEY DIFFER FROM ORGANIZATIONS WHICH ARE UNPREPARED?
WE RECEIVED RESPONSES FROM OVER 600 IT AND IT SECURITY PRACTITIONERS, FROM A VARIETY OF INDUSTRIES, WITH OVER HALF COMING FROM ORGANIZATIONS WITH AN EMPLOYEE COUNT BETWEEN 250 AND 5,000
CHALLENGES TO ACHIEVING CYBER SECURITY EFFECTIVENESS:
o LACK OF IN-HOUSE EXPERTISE
o LACK OF COLLABORATION WITH OTHER FUNCTIONS
o INSUFFICIENT PERSONNEL
o LACK OF CLEAR LEADERSHIP
o INSUFFICIENT BUDGET
46% OF RESPONDENTS EXPERIENCED AN ATTACK IN THE LAST 12 MONTHS WHICH LED TO THE LOSS OR EXPOSURE OF SENSITIVE INFORMATION
EACH INCIDENT COSTS AN AVERAGE OF $208,432 IN:
o $19,883 DAMAGE TO REPUTATION AND MARKETPLACE IMAGE
o $29,035 DAMAGE OR THEFT OF IT ASSETS AND INFRASTRUCTURE
o $38,310 DISRUPTION TO NORMAL OPERATIONS
o $45,177 LOST USER PRODUCTIVITY
o $76,087 CLEANUP OR REMEDIATION
HOWEVER, IT’S NOT ALL BAD NEWS. OUR RESEARCH FOUND THAT ORGANIZATIONS CAN TAKE DEFINITIVE STEPS TO ACHIEVE A STRONGER SECURITY POSTURE…
OUR RESEARCH IDENTIFIED A SUBSET OF THE SAMPLE THAT SELF-REPORTED THEY HAD ACHIEVED A MORE EFFECTIVE CYBER SECURITY POSTURE (THEY RATED THEMSELVES AS 7 OR HIGHER ON A 1-10 SCALE OF CYBER SECURITY EFFECTIVENESS). THIS “HIGH-PERFORMING” GROUP REPRESENTED 48 PERCENT OF THE SAMPLE, AND WE COMPARED THEIR BEHAVIOURS WITH THE REMAINING 52 PERCENT OF THE SAMPLE, THE “LOW PERFORMERS”…
HIGH-PERFORMING ORGANIZATIONS:
o ARE MORE AWARE OF THE THREAT LANDSCAPE
o HAVE A HIGHER PERCENTAGE OF THEIR IT BUDGET DEDICATED TO SECURITY
o INVEST IN CUTTING-EDGE TECHNOLOGIES
o MEASURE THE ROI OF THOSE TECHNOLOGIES
o AND HAVE A SECURITY STRATEGY THAT IS ALIGNED WITH THEIR BUSINESS OBJECTIVES AND MISSION
THESE HIGH PERFORMING ORGANIZATIONS ARE 28% LESS LIKELY THAN LOW-PERFORMERS TO HAVE EXPERIENCED AN ATTACK IN THE LAST YEAR THAT INVOLVED THE LOSS OR EXPOSURE OF SENSITIVE INFORMATION
SOME OF THE SECURITY TECHNOLOGIES SHOWING THE HIGHEST ROI:
[CHART: HIGH PERFORMING COMPANY VS. LOW PERFORMING COMPANY, BY TECHNOLOGY; VALUES SHOWN RANGE FROM 25% TO 58%]
o ENDPOINT SECURITY SOLUTIONS
o NEXT-GENERATION FIREWALLS
o ENCRYPTION FOR DATA AT REST
o NETWORK TRAFFIC SURVEILLANCE
o IDENTITY MANAGEMENT & AUTHENTICATION
o SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
THE PRACTICES OF HIGH-PERFORMING ORGANIZATIONS PROVIDE GUIDANCE ON HOW ORGANIZATIONS CAN IMPROVE THEIR CYBER SECURITY EFFECTIVENESS…
PREPARE: BE MORE AWARE OF THREATS AND ALIGN YOUR SECURITY STRATEGY WITH BUSINESS OBJECTIVES AND MISSION. INVEST IN A SECURITY AUDIT TO HELP YOU DO SO.
DEFEND: ALLOCATE MORE OF YOUR BUDGET TO IT SECURITY, AND INVEST IN CUTTING-EDGE TECHNOLOGIES WITH HIGH ROI. PROACTIVELY RECRUIT EXPERTS TO JOIN YOUR CYBERSECURITY TEAM.
RESPOND: LEVERAGE TECHNOLOGIES, PEOPLE, AND PROCESS TO QUICKLY CONTAIN THREATS AS THEY ARISE, AND CONDUCT REGULAR ANALYSIS TO IDENTIFY AREAS FOR IMPROVEMENT.