January 22, 2016
Cybersecurity incidents In Canada increased by 160% year over year according to PwC Canada's 2016 Global State of Information Security Survey
PwC Canada launches "Game of Threats," exclusive digital simulation evolves how leaders understand and manage cybersecurity risks and solutions
TORONTO -- According to PwC's Global State of Information Security® (GSISS) Survey 2016, Canadian companies are taking steps towards establishing holistic, integrated safeguards against cyberattacks. While investment in safeguards against cybersecurity threats have increased by 82% year over year, it still accounts for an average of only five per cent of overall IT (Information Technology) spending.
Because of the impact cybersecurity attacks can have on the overall health of a company and a brand, boards are playing an increasingly significant role in informing the development of cybersecurity strategies. In fact, this year's report found that 50% of Canadian companies surveyed indicated that their board participates in defining their organization's security budgets, compared to only 25% in 2014.
As part of an expanding digital service offering PwC Canada is launching, Game of Threats™, a digital game that simulates the speed and complexity of real-world cyber breaches to help executives better understand how to resource and protect companies. Using gaming theory, the interactive game replicates real-world challenges faced by companies on a daily basis. Users will learn about different threats, identify reputational, operational, financial and regulatory impacts as well as understand what can be done to prevent an attack.
"Overall, the Canadian data provides solid evidence that Canadian companies are taking steps towards mitigating cyberattacks but the threat is still very real," said Richard Wilson, Partner, Cybersecurity & Privacy Practice, PwC Canada. "Canadian business and public sector leaders need to better understand the full range of impacts a cybersecurity breach can have on their organizations. This issue has evolved far beyond data loss. Beyond financial and reputational damages, we are seeing impacts to competitiveness, product and service quality, employee retention, and the health and safety of both employees and the public."
There are three areas where public and private sector organizations are heavily investing in cybersecurity right now," said David Craig, Partner, Cybersecurity & Privacy Practice, PwC Canada. "Solutions to manage how employees, customers and third parties access and use data, outsourced Managed Security Services to monitor and detect security events more efficiently, and data privacy compliance in anticipation of mandatory breach notifications."
According to the GSISS report, harnessing the power of cloud-based cybersecurity as a viable tool in Canada has led companies to greater productivity such as streamlined monitoring, advanced authentication, and threat intelligence. Overall, Canadian companies surveyed matched their global counterparts on the adoption of cloud-based cybersecurity services.
Additional notable findings this year's report include:
Evolving Cybersecurity Roles: 50% of respondents have a CISO (Chief Information Security Officer) in charge of the security program.
Investing in Insurance: Technically adept adversaries will always find new ways to circumvent security safeguards. That's why many businesses (59%) are purchasing cybersecurity insurance to help mitigate the financial impact of cybercrimes when they do occur.
Threats at Home and Abroad: Incidents attributed to foreign nation-states increased the most (up 67% YoY) while current or recent employees continue to be the most cited source of incidents (66%).
To explore the Canadian insights emerging from this year's survey please visit: www.pwc.com/ca/gsiss.