While the world has been struggling with the pandemic for the past two years, IT managers have had an additional challenge on their minds – the growth in cyber attacks. The newly released CIRA Cybersecurity Survey found that three in 10 (29 percent) experienced a breach of customer and/or employee data last year, nearly doubling from 18 percent in 2019 before the pandemic began.
In the annual survey, CIRA asked 500 IT security professionals for their perspectives on the cybersecurity landscape including the evolving nature of cyber threats and the increasing calls for more accountability on data privacy. As organizations continue to collect more and more sensitive information about employees, suppliers or vendors, only 44 percent of those who experienced a breach say they informed those affected of the incident.
“The pandemic has raised the cybersecurity stakes for organizations across the country,” said Jon Ferguson, General manager, Cyber DNS, CIRA. “Threats are more common and more sophisticated, and customers are holding brands accountable for mishandling their data. It is our hope that this survey will provide some perspective on the issues and help raise awareness on the problem we are facing.”
From major airlines to rideshare apps and iconic Canadian food chains, protecting stakeholders’ data is an increasing challenge. In the past, these data breaches may have mostly affected large corporations, but now small and medium-sized businesses, school boards, municipalities and organizations of all industries and sizes are impacted.
Given that 15 percent of organizations reported a loss of customers following a data breach (also double the pre-pandemic level) protecting customer data is no longer just an IT issue, it is also a sales and brand issue.
Key Findings
• Three-in ten (29 percent) organizations experienced a breach of customer and/or employee data. Before the pandemic, only 18 percent said they experienced it – a difference of nearly double.
• Just over half (55 percent) characterize their organization as more vulnerable to cyber threats because its employees work remotely.
• Most IT professionals (82 percent) indicate that their organization has a cyber incident response plan while six-in-ten organizations have used their plan in the last 12 months.
• Survey data indicates that 15 percent of organizations reported a loss of customers following an attack which is double the pre-pandemic level.
• Six in 10 (59 percent) are concerned about the potential impact of Bill C-27 https://bit.ly/3CArd5P on their organization. The poll also shows that the private sector is less prepared to implement the new requirements.
• Most organizations (63 percent) consider preventing data flows going through foreign countries (data sovereignty) as more important than price when selecting a cybersecurity service vendor.