(Toronto, June 8, 2020) A disconnect between cybersecurity efforts and business functions is putting more Canadian organizations at risk as information gaps leave leaders with a limited understanding of potential threats and how to mitigate exposure. The 2020 EY Global Information Security Survey finds that 34% of Canadian organizations have yet to fully articulate their cybersecurity risk, compared to 16% of global peers.
“With more businesses moving — and potentially staying — online or working remotely, organizations are increasingly vulnerable to cyberattacks,” says Yogen Appalraju, EY Canada Cybersecurity Leader. “Amid the immense pressure felt from COVID-19, a cyberattack — and its ramifications on brand, reputation and financials — is the last thing an organization wants to happen while they’re already navigating significant disruption. Bridging the divide between the security function, lines of business and the board can be an enabler to proactively address heightened risks and help advance digital transformation.”
The EY survey finds that just 21% of Canadian boards understand how to fully evaluate their organization’s cybersecurity risks, compared to 48% globally. Meanwhile, 43% are unable to quantify cybersecurity effectiveness in financial terms, compared to 24% of global respondents.
“Cybersecurity teams must learn to speak the board’s language to better communicate the severity and business impact of different risks,” says Appalraju. “Increased education and engagement among this group should trickle down into the business to drive awareness, while helping to secure the buy-in for funding and resources needed to address growing threats.”
The survey finds that cybersecurity teams need to develop better alliances across all business functions of the organization. Right now, only 10% of Canadian survey respondents say there’s a high level of trust and consultation between cybersecurity teams and the broader business.
“Cybersecurity needs to be present at the development stage of any product, service or initiative as businesses look to make greater digital investments to support an online transition in this new environment,” says Appalraju. “This is what we call a security by design approach — a strategy that improves engagement between the cybersecurity team and the rest of the business to create a mutual understanding of potential threats, the impact to assets and how to proactively mitigate cyber risk exposure early in the creation or acquisition of assets.”