A recent global cybersecurity survey by Accenture has found that roughly one in three targeted cyberattacks have resulted in an actual security breach for Canadian companies in the past twelve months.
Despite these breaches, which equate to three effective attacks per month for the average Canadian company, the report found that about two-thirds of Canadians surveyed were confident in their ability to protect their enterprises from cyberattacks.
“Cyberattacks are a constant operational reality across every industry today, and our survey reveals that catching criminal behaviour requires more than the best practices and perspectives of the past.”
For the report, Accenture surveyed 2,000 security executives, 124 of whom were Canadian. The executives, who came from enterprise companies with annual revenues of $1 billion or more from 15 countries, were surveyed about their perceptions of cyber risks, the effectiveness of current security efforts, and the adequacy of existing investments. The survey revealed that the time it takes to detect security breaches is often part of the problem. More than half (52 percent) of Canadian executives said that it takes months to detect “sophisticated breaches” and nearly one-third of all successful breaches are left undiscovered by the security team.
“Cyberattacks are a constant operational reality across every industry today, and our survey reveals that catching criminal behaviour requires more than the best practices and perspectives of the past,” said Russell Thomas, the Canadian cybersecurity lead for Accenture. “There needs to be a fundamentally different approach to security protection starting with identifying and prioritizing key company assets across the entire value chain.”
The survey’s findings showed that while most Canadian companies are lacking effective technologies to monitor for cyberattacks, many executives still say that their enterprises have sufficient tools to monitor for cyberattacks. Twenty-nine percent of Canadian respondents say they are “competent” in business-relevant threat monitoring; 52 percent are confident in their ability to monitor for breaches, and 48 percent say the same about minimizing disruptions.
Accenture’s survey also noted that recent high-profile cyberattacks have driven significant increases in cybersecurity awareness and spending, yet Canadian organizations are not showing willingness to invest in new and different security controls to mitigate threats.
Forty-six percent to 54 percent of Canadian respondents say that if they were given extra funding to invest in new security technologies, they would “double down” on their current cybersecurity spending priorities, even though former investments haven’t significantly deterred regular and ongoing breaches. Far fewer Canadian executives said they would invest the extra budget in cybersecurity training (22 percent) or efforts that would mitigate against financial losses (20 percent).
Accenture’s survey also revealed that in comparison to other countries, organizations in Canada are among the most confident in their ability to monitor for breaches, while organizations in France, Australia, and the US are among the least confident. The survey found that compared to the global average of 8.2 percent, organizations in Canada (7.2 percent) are among those who spend the least amount of their IT budget on cybersecurity.
Overall, Accenture’s research suggests that despite being more confident in their ability to monitor for cyberattacks, companies around the world, including Canada, need to reboot their approaches to cybersecurity to survive the risky landscape.
To view the full report, click here.