Employees are the biggest risk to global cybersecurity, says EY
The Global Information Security Survey, a yearly poll by advisory services firm Ernst and Young, finds that phishing attacks lead to 43 per cent of cybersecurity breaches
TORONTO—The biggest risk to a company’s cybersecurity is its own employees, according to Ernst & Young’s (EY) Global Information Security Survey.
Employees engaging with malicious emails disguised as authentic correspondence accounted for 43 per cent of grievous corporate cyber breaches in 2016. These digital Trojan Horses, known as phishing attacks, are a significant cybersecurity problem, but they are not the only threat companies have to contend with.
The Global Information Security Survey is a yearly poll of cybersecurity issues that captures responses from companies around the globe and in 20 different industry sectors.
The survey found that not only are companies vulnerable to phishing, but poorly secured internet-facing systems—which resulted in 11 per cent of breaches—and outdated or unpatched security systems—8 per cent of breaches—are also major issues.
60 per cent of Canadian companies said that these control failures led to their most consequential cyber breaches.
The survey highlights the biggest cybersecurity problems that Canadian companies are wrestling with:
- 98 per cent said that their cybersecurity function did not fully meet their organization’s needs
- 61 per cent of respondents have had a recent significant cybersecurity incident
- 72 per cent said that they need up to 50 per cent more budget for cybersecurity
- 94 per cent of organizations do not evaluate the financial impact of every significant breach
- 52 per cent of organizations rated business continuity management their joint top priority, alongside data leakage and data loss prevention
- 57 per cent are unlikely to detect a sophisticated cyber attack
“Organizations have stepped up their cyber efforts in the last few years, but these results still point to a gap,” said Abhay Raman, EY’s Canadian cybersecurity leader. “Creating a robust cybersecurity program is a long, focused process, and many companies haven’t taken that step.”