Only 43% of Canadian companies could detect a sophisticated cyber-attack

EY survey shows most companies don't know the financial impact of breaches

  • Share

(Toronto, 15 February 2017) As the frequency and scale of cyber-attacks show no signs of abating, the majority of Canadian companies still wouldn’t be able to detect a sophisticated breach. According to EY’s Global Information Security Survey, only 43% of Canadian companies could spot a significant cybersecurity incident, compared to 50% globally.

EY - 2017 GISS Survey Canada findings infographic

“Organizations have stepped up their cyber efforts in the last few years, but these results still point to a gap,” says Abhay Raman, EY’s Canadian Cybersecurity Leader. “Creating a robust cybersecurity program is a long, focused process, and many companies haven’t taken that step. That’s why 72% of our survey’s respondents said they need up to 50% more budget for their cyber needs.”

Raman adds, “Only 6% of organizations evaluate the financial impact of every significant breach. If companies can’t paint a picture of how much a cyber-attack dented their bottom line, it’s difficult to make a case for greater investment. Evaluating impact is paramount.”

As organizations progress in their cyber security journey, they’re turning their attention to being cyber-resilient. When a significant cyber breach occurs, a business needs to recover and get back up on its feet as soon as possible. Over half (52%) of Canadian respondents rated business continuity management as one of their top priorities, alongside data leakage and data loss prevention.

Top reasons for breaches

In EY’s survey, end user awareness emerged as the top control failure that led to a breach. This weakness is primarily exploited through phishing, where company employees engage with malicious emails disguised as authentic. In the process, they unknowingly let the attackers access internal systems.

The top control or process failures that led to the most significant cyber breach last year:

  • End user awareness, exploited via phishing (43%)
  • Poorly secured internet-facing systems and/or applications (11%)
  • Outdated/unpatched systems (8%) 

IoT adoption faces obstacles

The Internet of Things, or IoT is leading change in the digital landscape, and it’s fast becoming the must-have element of business technology. However, the lack of skilled resources and executive support are hampering the wider adoption of connected devices.

“Connected devices could bring a new business opportunities, business revenue growth and cost reductions,” says Raman. “Especially in our slow-growth economy, businesses should invest in the right talent and internal awareness to increase their competitiveness through IoT.”

According to EY’s survey, the main obstacles that need to be overcome to enable the wider adoption of IoT devices are:

  • Lack of skilled resources (43%)
  • Lack of executive awareness or support (43%)
  • Budget constraints (32%)

Read the full 2016 EY Global Information Security Survey Canadian highlights.

– 30 –

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY is proudly celebrating 150 years in Canada. For more information, please visit Follow us on Twitter @EYCanada.

EY refers to the global organization and may refer to one or more of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit