Press release

21 Oct. 2021 Toronto, CA

Concern over managing cyber threats at an all-time high for nearly half of Canadian executives

Operational silos and regulatory compliance are top of mind amid growing cyber threat landscape

Press contact
Victoria McQueen

EY Canada Team Lead, Public Relations

Leading the development and distribution of external communications and social media across Canada. Can be found by the lake in the summer and on the slopes in the winter.

Related topics Cybersecurity

Operational silos and regulatory compliance are top of mind amid growing cyber threat landscape

  • Less than one quarter of Canadian organizations bring cyber and privacy in at the planning stage
  • Majority of respondents believe the cybersecurity function doesn’t enable innovation
  • Half of respondents say regulatory compliance is the most stressful part of their job

The EY Global Information Security Survey 2021 findings show 41% of Canadian leaders have never been as concerned about managing cyber threats the business faces. A quickly evolving threat landscape, coupled with uncertain regulations and organizational silos are leading to an uptick in cyber attacks — with 75% of Canadian leaders saying they have seen an increase in the number of disruptive events over the last 12 months. 

“Rapid transformation and adoption of digital tools to accommodate new ways of working in the height of COVID-19 meant security was often overlooked — exposing businesses to more and increasingly sophisticated attacks,” says Yogen Appalraju, EY Canada Cybersecurity Leader. “As companies plan further investments in data and technology in the face of recovery, they first need to retrace their steps to ensure previous gaps and disconnects between security and product development are filled.” 

The EY survey finds that only 24% of Canadian organizations bring cyber and privacy in at the planning stage. A further 40% of organizations view the relationship between security, product development and R&D teams as neutral, characterized by low levels of consultation. 

“It’s no longer acceptable to invite cybersecurity and privacy late to the party — doing so can lead to costly ramifications,” says Appalraju. “Achieving organizational synergies will require a true culture shift to enable more collaboration, integration among operations and a renewed emphasis on delivering long-term value for stakeholders right from the start. There’s a big opportunity to invest in internal education, to demonstrate the value cybersecurity brings to the table, while making cyber professionals feel like respected members of the team.” 

While most organizations recognize cybersecurity protects the business, only 34% of executives say they describe cyber as flexible and collaborative — and almost a quarter of CISOs say their teams are not consulted, or are consulted too late, on strategic decisions. A further 73% of Canadian executives say the cyber function doesn’t enable innovation — a missed opportunity according to Appalraju. 

“Progressive organizations are exploring how cybersecurity can creatively protect new products, digital offerings and broader business improvement initiatives,” he explains. “By prioritizing innovation alongside security and privacy, businesses can help build solutions that are more secure at a time when stakeholders are increasingly concerned about their privacy in a hybrid business world.” 

While the threat landscape is evolving, so too are regulatory expectations. The survey finds half of Canadian executives say being compliant in today’s regulatory landscape is the most stressful part of their job, with 70% expecting regulations to become increasingly fragmented, making them harder and more time consuming to manage.

“One of the biggest challenges is not just complying, but getting ahead,” adds Appalraju. “By reframing regulatory requirements from a risk-based perspective, cyber and privacy teams can get ahead of changing regulations and actually initiate proactive relationships that serve the organization better.” 

Read the full Global Information Security Survey for more insights into emerging threats.

– 30 –

About EY

EY exists to build a better working world, helping create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via ey.com/privacy. EY member firms do not practice law where prohibited by local laws. For more information about our organization, please visit ey.com.  Follow us on Twitter @EYCanada.

This news release has been issued by Ernst & Young LLP.