The EY 2023 Global Cybersecurity Leadership Insights Study finds that 81% of Canadian organizations had experienced at least 25 cybersecurity incidents in the last 12 months, compared to 73% of global respondents.
At the same time, cyber leaders report mounting costs associated with cybersecurity. Globally, the median cost of a breach to an organization has increased by 12% to US$2.5m in 2023 and is anticipated to reach US$4m. In Canada, 44% of organizations reveal a total annual spend of US$50m on cybersecurity — compared to 59% of US companies.
“Although cyber risk perception differs in Canada compared to the US or other jurisdictions where competition in a much larger population can be a whole lot fiercer, Canadian organizations are now starting to experience more costly and high-profile breaches, in line with what’s already been happening south of the border,” says Yogen Appalraju, EY Canada Cybersecurity Leader.
Despite increasing levels of spending, detection and response times appear slow with the survey sharing that more than half of respondents (58%) say their organizations take an average of six months or longer to detect and 60% saying it takes more than a month to respond.
Balancing security and innovation a top challenge as new technology emerges
Almost half of Canadian survey respondents say their organization’s main challenge to cybersecurity is difficulty in balancing security and innovation. While emerging technologies hold a lot of promise for businesses looking to bolster their cyber defences, Canadian and global leaders alike rank cloud and IoT as the biggest technology risks in the next five years.
“As shifts towards the adoption of generative artificial intelligence, wide usage of IoT, cloud at scale and other trends spur progress for Canadian businesses, they’re also opening new pathways to additional cyber risks,” adds Appalraju. “To close these gaps, organizations must make cyber integral to every part of the organization, shifting the function from an inhibitor to a value driver."
Cybersecurity integration from the top down
Only one-in-five Chief Information Security Officers (CISOs) and C-suite executives surveyed considered their organization’s cybersecurity to be effective today and well-positioned for tomorrow. Similarly, only 49% say they’re satisfied C-suite’s integration of cyber into business decisions — quite a bit lower than 58% of global counterparts, indicating that Canadian organizations’ cyber approach may be less mature than other jurisdictions.
“There appears to be a significant gap in how leaders factor cybersecurity into business decisions as a true value driver, which could result in delayed vigilance and potentially disastrous implications,” explains Appalraju. “By weaving cybersecurity into the fibre of an organization, emphasizing simplicity and adopting holistic thinking, cyber leaders can reduce risk and improve visibility.”