The EY Global Information Security Survey 2021 findings show 41% of Canadian leaders have never been as concerned about managing cyber threats the business faces. A quickly evolving threat landscape, coupled with uncertain regulations and organizational silos are leading to an uptick in cyber attacks — with 75% of Canadian leaders saying they have seen an increase in the number of disruptive events over the last 12 months.
“Rapid transformation and adoption of digital tools to accommodate new ways of working in the height of COVID-19 meant security was often overlooked — exposing businesses to more and increasingly sophisticated attacks,” says Yogen Appalraju, EY Canada Cybersecurity Leader. “As companies plan further investments in data and technology in the face of recovery, they first need to retrace their steps to ensure previous gaps and disconnects between security and product development are filled.”
The EY survey finds that only 24% of Canadian organizations bring cyber and privacy in at the planning stage. A further 40% of organizations view the relationship between security, product development and R&D teams as neutral, characterized by low levels of consultation.
“It’s no longer acceptable to invite cybersecurity and privacy late to the party — doing so can lead to costly ramifications,” says Appalraju. “Achieving organizational synergies will require a true culture shift to enable more collaboration, integration among operations and a renewed emphasis on delivering long-term value for stakeholders right from the start. There’s a big opportunity to invest in internal education, to demonstrate the value cybersecurity brings to the table, while making cyber professionals feel like respected members of the team.”
While most organizations recognize cybersecurity protects the business, only 34% of executives say they describe cyber as flexible and collaborative — and almost a quarter of CISOs say their teams are not consulted, or are consulted too late, on strategic decisions. A further 73% of Canadian executives say the cyber function doesn’t enable innovation — a missed opportunity according to Appalraju.
“Progressive organizations are exploring how cybersecurity can creatively protect new products, digital offerings and broader business improvement initiatives,” he explains. “By prioritizing innovation alongside security and privacy, businesses can help build solutions that are more secure at a time when stakeholders are increasingly concerned about their privacy in a hybrid business world.”
While the threat landscape is evolving, so too are regulatory expectations. The survey finds half of Canadian executives say being compliant in today’s regulatory landscape is the most stressful part of their job, with 70% expecting regulations to become increasingly fragmented, making them harder and more time consuming to manage.
“One of the biggest challenges is not just complying, but getting ahead,” adds Appalraju. “By reframing regulatory requirements from a risk-based perspective, cyber and privacy teams can get ahead of changing regulations and actually initiate proactive relationships that serve the organization better.”
Read the full Global Information Security Survey for more insights into emerging threats.