A new Accenture security survey, “Building Confidence: Facing the Cybersecurity Conundrum,” indicates that overconfidence may be putting Canadian organizations at higher risk for cyberattacks.
In the past year, the average Canadian company has experienced three effective attacks per month, however, two-thirds of Canadians surveyed felt sure they could protect their enterprises, most of which do not have effective technology in place to monitor for cyberattacks. Compared to the global average, overconfidence is higher in Canada, but this country is also among those who spend the lowest amount of their IT budget on cybersecurity.
“Cyberattacks are a constant operational reality across every industry today and our survey reveals that catching criminal behavior requires more than the best practices and perspectives of the past,” says Russell Thomas, Canadian cybersecurity lead for Accenture “There needs to be a fundamentally different approach to security protection starting with identifying and prioritizing key company assets across the entire value chain.”
Organizations also need to take an “end-to-end approach to digital security” and integrate cyber defense into the whole company, as there are many inconsistencies the survey found.
Respondents say internal breaches have the greatest impact, but 62 per cent prioritize heightened capabilities in perimeter-based controls instead of pivoting to address high-impact internal threats. Meanwhile, 52 per cent of Canadian executives admit it takes months to detect sophisticated breaches, and as many as a third of all successful breaches are not discovered at all by the security team.
Awareness is growing, but the sentiment among respondents suggests Canadian organizations will continue to pursue the same (somewhat meaningless) countermeasures instead of investing in new and different security controls to mitigate threats.
Accenture surveyed 2,000 enterprise security practitioners, including 124 in Canada, representing companies with annual revenues of $1 billion or more in 15 countries about their perceptions of cyber risks, the effectiveness of current security efforts and the adequacy of existing investments.