Inflation is up for all sorts of products and services, including the cost of a data breach.
The median cost of a data breach to an organization this year was US$2.5 million, according to an EY survey, an increase of 12 per cent over last year.
The numbers are included in the EY 2023 Global Cybersecurity Leadership Insights Study, which polled 500 cyberscurity and C-suite leaders in 25 countries.
Looking at the responses of the 62 Canadian leaders alone, 81 per cent said their organization had experienced at least 25 cybersecurity incidents in the last 12 months. That compared to 73 per cent of all global respondents.
Almost half of Canadian survey respondents said their organization’s main challenge to cybersecurity is difficulty in balancing security and innovation. While emerging technologies hold a lot of promise for businesses looking to bolster their cyber defences, Canadian and global leaders alike rank cloud and IoT as the biggest technology risks in the next five years.
Only one-in-five chief information security officers (CISOs) and C-suite executives in the Canadian survey considered their organization’s cybersecurity to be effective today and well-positioned for tomorrow. Similarly, only 49 per cent of Canadian respondents said they’re satisfied with the C-suite’s integration of cyber into business decisions — quite a bit lower than 58 per cent of their global counterparts.
That indicates Canadian organizations’ cyber approach may be less mature than other jurisdictions, says EY.
“There appears to be a significant gap in how leaders factor cybersecurity into business decisions as a true value driver, which could result in delayed vigilance and potentially disastrous implications,” said Yogen Appalraju, EY Canada cybersecurity leader. “By weaving cybersecurity into the fibre of an organization, emphasizing simplicity and adopting holistic thinking, cyber leaders can reduce risk and improve visibility.”
Using statistical modeling, EY split organizations that agreed to participate in the survey into two groups: Leading organizations with the most effective cybersecurity, called “Secure Creators,” and lower-performing firms called “Prone Enterprises.”
Secure Creators have fewer cyber incidents and are quicker at detecting and responding to incidents. They are also more likely to be satisfied with their cybersecurity approach today (51 per cent vs. 36 per cent) and more likely to feel prepared for the threats of tomorrow (53 per cent vs. 41 per cent).