5 minute read 8 Jun. 2020
EY - Child watching sharks in aquarium

Is your cybersecurity plan radical enough to thrive in today’s environment?

By Yogen Appalraju

EY Canada Cybersecurity Leader

Committed to helping clients minimize the impact of cyber threats. Proud husband and father.

5 minute read 8 Jun. 2020

Show resources

  • Is your cybersecurity plan radical enough to thrive in today’s environment?

An unprecedented start to 2020 reinforces how security by design can enable businesses to seize the upside of disruption.

It’s imperative that Canadian companies create a receptive and ready environment for security by design.

The 22nd annual EY Global Information Security Survey (GISS) explores the most important cybersecurity issues facing organizations today. The Canadian results from the survey show that organizations have certainly made progress in maturing their security functions. But there is much work to be done as Canada still lags behind its global counterparts. 

Why does maturity matter? The more mature the security function, the more successful organizations can be in adopting and growing a security by design mindset.

  • What is security by design?

    A strategic and pragmatic approach that integrates risk thinking from the inception of a product, service or initiative to embed trust in systems, designs and data, so that organizations can mitigate risks, lead transformational change and innovate with confidence.

How organizations can take advantage of a security by design approach

Canadian organizations can reach the maturity of their global peers by:

  1. Focusing on board engagement
  2. Increasing cyber budgets to align future initiatives
  3. Building productive relationships with every function of the organization

Our Canadian highlights of the GISS showcase how organizations can position cybersecurity at the heart of business transformation and innovation.

Show resources

EY - Scuba Divers Swimming In Between School Of Fish
(Chapter breaker)

Chapter 1

Engaging the board


With improved engagement, cybersecurity and the board can communicate more effectively about business priorities and the risks facing the organization, and work together more productively to support the future of the business.

EY - Key GISS findings

Why the disconnect?

Creating synergy between cybersecurity and the board is a legacy issue that stems from the security function’s origins in IT. It was common for security professionals to rely on technology to solve cybersecurity issues, with little or no input from the board.

Going forward, to adopt an effective security by design culture, cybersecurity must be able to account for business considerations that matter to the board. 

Here’s how the cybersecurity function can more effectively engage the board:

  • Speak the language of the business and help the board understand the severity and business impact of different risks related to security, with a plan of how to deal with them.
  • Build proper alliances across the business and educate the board to help foster commitment and promote the engagement needed to respond to cybersecurity measures.
Establishing a strong relationship and speaking the board’s language can help present cybersecurity risks in a way board members can relate to, expediting funding for initiatives and technologies needed to address the risk facing the organization.
Yogen Appalraju
EY Canada Cybersecurity Leader

What can you do today?

Across any organization, different departments and priorities compete for budgets. CIOs and CISOs must increasingly make their voices heard. While boards recognize the importance of committing to cybersecurity, they aren’t always given the tools and language to communicate the urgency in business terms. 

How EY can help

Cybersecurity, strategy, risk, compliance and resilience
EY Cybersecurity, strategy, risk, compliance and resilience teams can provide organizations with a clear picture of their current cyber risk posture and capabilities, giving them an informed view of how, where and why to invest in managing their cyber risks.
Read more

EY - Scuba diver in front of a dramatic wave
(Chapter breaker)

Chapter 2

Increase cyber budgets to align to future initiatives


Consistent with trends from 2019, Canadian organizations are devoting less revenue to cybersecurity compared to their global peers. However, encouraging evidence shows Canada is ahead of organizations in other countries in terms of budget being spent on securing new technologies and other new initiatives. 

EY - Key GISS findings
Last year’s GISS survey revealed that 86% of Canadian organizations expressed interest in adopting artificial intelligence (AI) in the next 7 years. And this year, there is increased commitment to securing new technologies. Balancing innovation and security is a positive trend for Canada.

What can you do today?

The board needs to understand cybersecurity challenges, and cybersecurity leaders need to better grasp the business agenda. With that shared knowledge, cybersecurity and the board can work collaboratively to identify risks and investment priorities.


EY - Scuba divers in Lagoa Misteriosa
(Chapter breaker)

Chapter 3

Build productive relationships with every function of the organization


For cybersecurity to play a central role in enabling business transformation, it must formally align with business strategy and integrate with other functions in the organization. This will help to create a mutual understanding of potential threats, the impact to assets and how to best mitigate risk exposure.

EY - Key GISS findings

What you can do today

  • The security function needs to understand the critical assets and operational processes for each line of business.
  • Business lines need to understand the impact of critical assets and the possible consequences if they are disrupted.
  • These alliances create a better mutual understanding of threats, the impact to assets and how to mitigate risk exposure.


There is significant opportunity for the CISO, board, C-suite and entire business to collaboratively mature the cybersecurity function in Canada to compete with global peers. By taking action on the recommendations outlined in this report, Canadian organizations can create an environment where the security by design mindset and culture can thrive, empowering cybersecurity as a true driver of business transformation.

EY GISS 2020: Canadian highlights Infographic

Why security by design matters

Our 2020 Global Information Security Survey (GISS) identifies how Canadian businesses can ensure cybersecurity is a critical voice at the business table, built on a foundation of security by design.

Click to view infographic 

Contact us

Like what you’ve seen? Get in touch to learn more.

About this article

By Yogen Appalraju

EY Canada Cybersecurity Leader

Committed to helping clients minimize the impact of cyber threats. Proud husband and father.