According to a new study done by Ponemon Institute, 60 percent of Canadian companies do not believe they are equipped to fight cyber attacks and data theft. After surveying 236 different IT security practitioners in Canada, the study, “Exposing the Cybersecurity Cracks: Canada,” uncovers deficiencies and disconnects in these organization’s security systems.

The problem is rooted in the deficient cybersecurity systems. Organizations simply lack the proper security to prevent online breaches and theft of confidential information. The study shows while 56 percent of Canadian respondents do not believe they can stop advanced online attacks, 59 percent do not think they can prevent the theft of confidential data. Meanwhile, cybersecurity professionals are struggling to keep up with fast pace of high profile-attacks and threats.

Furthermore, the problem is only exacerbated because companies feel uniformed, lacking adequate intelligence of the attempted attacks and their consequences. Thirty-nine percent of the companies reported that their security solutions do not inform them of the source of the attack.

As a result, the gap between the perception and reality of data breach is widened. The study shows that 77 percent of the organizations perceive that the loss of confidential data does not result in potential loss of revenue. In reality, each lost or stolen record costs on average $188 U.S. dollar (USD) while the average cost of an organizational data breach is $5.4 million USD. 

Larry Ponemon, the chairman and founder of the Ponemon Institute, says, “The report’s findings expose significant cracks in the cyber security defenses for Canadian businesses. This theme was consistent globally and is a wake-up call for the security industry to re-valuate their current security architecture and approach to employee education. Change is imminent if we are to stay a step ahead of today’s sophisticated data stealing attacks.”

Companies need to continue expanding their awareness of cybersecurity and technologies. The report offers the following recommendations to better manage and reduce cyber breaches:

  • Investing in technologies that increase visibility of attempted attacks and their consequences
  • Increasing access to better threat intelligence and real-time defenses
  • Deploying an all-encompassing defense strategy incorporating web, email, and mobile channels
  • Assessing security solution capabilities and deployments against a comprehensive kill-chain model
  • Finding effective employee security education method to communicate the seriousness of cyber attacks and high risk behavior.


 For further readings on cyber security:

Boards need to oversee cybersecurity risk says SEC official

Survey shows gap between awareness, preparation for cyber attacks on intellectual property 

Data breach notification laws meet the rising tide of cybercrime

What to do (and not do) in a data breach response