Concern over managing cyber threats at an all-time high for nearly half of Canadian executives: survey

More than 40 per cent of Canadian business leaders are concerned about managing cyber threats, the new EY Global Information Security Survey 2021 shows.

“A quickly evolving threat landscape, coupled with uncertain regulations and organizational silos are leading to an uptick in cyber attacks – with 75 per cent of Canadian leaders saying they have seen an increase in the number of disruptive events over the last 12 months,” EY Canada officials said in an Oct. 21 news release.

“Rapid transformation and adoption of digital tools to accommodate new ways of working in the height of COVID-19 meant security was often overlooked — exposing businesses to more and increasingly sophisticated attacks,” said EY Canada cybersecurity leader Yogen Appalraju. “As companies plan further investments in data and technology in the face of recovery, they first need to retrace their steps to ensure previous gaps and disconnects between security and product development are filled.”

The EY survey finds that only 24 per cent of Canadian organizations bring cyber and privacy in at the planning stage. A further 40 per cent of organizations view the relationship between security, product development and R&D teams as neutral, characterized by low levels of consultation.

“It’s no longer acceptable to invite cybersecurity and privacy late to the party — doing so can lead to costly ramifications,” Appalraju said. “Achieving organizational synergies will require a true culture shift to enable more collaboration, integration among operations and a renewed emphasis on delivering long-term value for stakeholders right from the start. There’s a big opportunity to invest in internal education, to demonstrate the value cybersecurity brings to the table, while making cyber professionals feel like respected members of the team.”

While most organizations recognize cybersecurity protects the business, EY said, only 34 per cent of executives say they describe cyber as flexible and collaborative — and almost a quarter of CISOs say their teams are not consulted, or are consulted too late, on strategic decisions. A further 73 per cent of Canadian executives say the cyber function doesn’t enable innovation, which  Appalraju calls “a missed opportunity.”

“Progressive organizations are exploring how cybersecurity can creatively protect new products, digital offerings and broader business improvement initiatives,” he said. “By prioritizing innovation alongside security and privacy, businesses can help build solutions that are more secure at a time when stakeholders are increasingly concerned about their privacy in a hybrid business world.”

While the threat landscape is evolving, so too are regulatory expectations. The survey finds half of Canadian executives say being compliant in today’s regulatory landscape is the most stressful part of their job, with 70 per cent expecting regulations to become increasingly fragmented, making them harder and more time consuming to manage.

“One of the biggest challenges is not just complying, but getting ahead,” Appalraju said. “By reframing regulatory requirements from a risk-based perspective, cyber and privacy teams can get ahead of changing regulations and actually initiate proactive relationships that serve the organization better.”

The full Global Information Security Survey is available here.