Cybersecurity Readiness Report Identifies Gaps for Canadian Businesses

By: Yasmin Ranade

May 23, 2023

Cisco has released findings of its Cybersecurity Readiness Index. Results paint a bleak picture as the report found that only 9% of Canadian organizations are deemed to have a “Mature” level of preparedness to handle the security risks of a hybrid world. Compounding the challenge is our new work reality where people work remotely, use multiple devices, rely upon cloud applications, and generate voluminous amounts of data.

Rob Barton, CTO of Cisco Canada

Rob Barton, CTO of Cisco Canada explained, “Cybersecurity resilience has become one of the most important challenges facing businesses in Canada and around the world.”

“To help businesses understand where they are in their readiness to face and mitigate modern threats, Cisco conducted the Cybersecurity Readiness Index – a double-blind survey of 6,700 business leaders with cybersecurity responsibilities in 27 global markets across 18 industries,” shared Barton. “The index measures the readiness of companies across five core pillars that determine the cybersecurity resilience of businesses: identity, devices, network, application workloads and data. The companies were then classified into four stages of increasing readiness: Beginner, Formative, Progressive and Mature.”

“The Canadian findings found that just 9% of Canadian organizations have a “Mature” level of preparedness to handle the security risks of a hybrid world – compared to the global average of 15%. With a small percentage of companies at the Mature stage, 57% of Canadian companies fall into the “Beginner” or “Formative” stages, which means they are performing below average in their preparedness for modern cybersecurity threats,” stated Barton.

“With 77% of Canadian respondents said they expect a cybersecurity incident to disrupt their business in the next year or two, this survey is a wakeup call for organizations to act now.”

Added Barton, “The pandemic fundamentally changed the security dynamic. Organizations now have people increasingly working from multiple devices in multiple locations, connected to multiple networks, accessing applications in the cloud and on the go, and generating enormous amount of data.”

Canadian Cybersecurity Readiness and Index Highlights

Began Barton, “Cyber threats and attacks are on the rise globally and threat actors are increasingly targeting Canada – we see this playing out in the news almost daily.”

“Organizations need to act urgently to think about how prepared they are for cyberattacks because we must operate with the assumption that it is a matter of ‘when’ not ‘if because the cost of complacency is significant.”

“In fact, 51% of respondents said they had a cybersecurity incident in the last 12 months and 34% of those affected said it cost them at least US $500,000. And this is just a hard cost. We need to consider the further impacts on corporate brand and reputation.”

Barton summarized, “Our data shows that there are key areas of progress needed against the five pillars of defence:

  • Identity: Progress is needed here as only 15% of organizations are ranked “Mature”
  • Devices: This has the highest percentage of companies in the “Mature” stage at just 33%
  • Network Security: Companies are lagging on this front with 64% of organizations in the “Beginner” or “Formative” stages
  • Application Workloads: This is the pillar where companies are the least prepared, with 73% of organizations in the “Beginner” or “Formative” stages
  • Data: This has the second-highest number of companies in the “Mature” stage (only 17%)”

Warned Barton, “The results highlight an alarming cybersecurity readiness gap, which will only widen if businesses don’t act quickly.”

Recommendation to Improve Business Cybersecurity

Barton offered some suggestions for how businesses can improve their cybersecurity.

“Cyberattacks can happen anytime, anywhere, and to any small, medium or large business,” acknowledged Barton. “The emergence of hybrid work has changed the cybersecurity landscape and created greater complexity for Canadian businesses.”

“Building a solid security resilience framework takes time. However, there are steps businesses can start to take while building out a framework, from assessing current posture and deploying solutions, to monitoring and anticipating threats. Canadian businesses can benefit from embracing the five dimensions of security resilience:

  1. Close the gaps in your system so you have one open platform.
  2. See more and always be monitoring.
  3. Anticipate what is next using actionable intelligence.
  4. Prioritize what matters most.
  5. Automate your response so you can bounce back fast.”

Robust technology, quick response, healthy supply chains and security resilience are also necessary.

“Across industries, organizations need to have visibility to build this approach successfully because you can’t secure what you can’t see,” remarked Bartong.

“By equipping networks with the right insights, from the applications to the endpoints and everything in between, we can see what’s going on and secure networks against threats and attacks,” said Barton.

Barton further explained, “Speed and response time is everything when an organization faces a threat, and security resilience allows companies to better anticipate threats and resume operations faster when a threat becomes real.”

“Most organizations are incorporating resilience in their financial, operational, organizational and supply chain functions. Security resilience sits across all of them, allowing businesses to verify threats, understand connections across the organization, and see the full context of any situation. This empowers teams to prioritize and ensure their next action is the best one.”

“The good news is that security leaders are aware of the risks and are keen to invest in cybersecurity readiness,” offered Barton. “Data shows 78% of the respondents plan to increase their security budgets by at least 10% over the next 12 months. While a positive trajectory, it is crucial that these budget increases are delivered sooner rather than later. Given the current environment, a 12-month wait is far too long.”


More on Cybersecurity

Leave a Reply

Your email address will not be published. Required fields are marked *