Cyber security incidents have become the new normal for Canadian companies, with 100% of organisations experiencing attacks, according to the findings of a new study from Scalar Decisions Inc. of more than 400 Canadian IT and security workers.
Released today, the 2019 Scalar Security Study (commissioned by Scalar and conducted independently by IDC Canada) showed that cyber security incidents are occurring on a regular basis and the cost of these compromises is at an all-time high. The average cost per organisation of responding to, and recovering from, cyber security incidents increased to between $4.8 million (€4.2 million) to $5.8 million (€5.1 million), up from $3.7 million (€3.2 million) last year.
Despite facing fewer cyber attacks overall (440 on average, down from 445 last year), organisations suffered more breaches (12.5 on average, up from 9.3) as bad actors became more efficient and effective. The percentage of attacks that result in a breach increased to 3%, up from 2% last year.
“Canadian companies are still overconfident in their abilities to successfully defend against cyber security attacks. Many are now realising the need to implement a cyber resiliency plan in order to better prepare, defend and respond to incidents,” said Theo Van Wyk, chief technology officer – Security at Scalar Decisions.
“The rise in the percentage of successful breaches coincides with the shift in cyber security efforts from protection against attacks to improving detection of malicious attacks and responding to and recovering from incidents.”
The study, examining the cyber security readiness of Canadian organisations and year-over-year trends in handling and managing growing cyber threats, also found:
- Of the survey respondents, 18% reported having data subjected to ransomware demands, 17% had data encrypted, and 12% had data deleted
- 9% of respondents were not confident in their organisation’s ability to prevent cyber security breaches and only 11% of survey respondents had a “high” degree of confidence
- On average 38.5% of the data organisations stored was considered confidential
- The average number of days spent recovering from cyber security breaches by an organisation’s security, IT, and legal departments increased significantly to 19.4 days from 16.1 days last year
“Organisations need to put a larger emphasis on cyber security planning and work on any deficiencies that they may have in handling security risks,” added Van Wyk. “Conducting cyber security fundamentals can reduce cyber-attack success rates by over 50%. If this can’t be handled in-house, then external expertise is an efficient way to shore up defenses.”
The full study can be downloaded here