Nearly two-thirds of Canadian organizations had breaches in the last year
Nearly two-thirds of Canadian organizations suffered security breaches in the last year, with almost half occurring in cloud environments, according to new data from Bell.
Bell’s study on the state of cybersecurity in Canadian businesses identifies the most important outcomes that C-level executives need to achieve to improve cybersecurity:
- Meeting/exceeding compliance objectives
- Maintaining a high level of confidence in security posture to business stakeholders
- Achieving the best possible rates for cyber insurance
- Having highly satisfied security staff (and lower turnover rates of security personnel)
- Avoiding cybersecurity breaches in the past 12 months
To identify factors that correlate with success outcomes, Bell asked respondents questions about their organization's on-premises and cloud security practices. The result is a list of 29 factors that correlate with significantly higher success rates for at least one outcome. The top five factors were:
- High integration of security in DevOps
- Acceptable use of cloud established
- Security anticipates IT and business needs
- Recovery and resilience capabilities
- High integration among security technologies
Of note, while many organizations report a high level of achievement across multiple key security outcomes, only 1.6% of Canadian businesses report high achievement on all top five indicators.
Out of Bell’s survey of 383 respondents, 249 reported a breach in the past 12 months. For organizations reporting a breach, the most common response was that these events occurred in both cloud and on-premises environments (40%). Among the rest, breaches in cloud infrastructure (34%) were more common than those on-premises (26%).
While breaches are the most direct performance indicator of any security program, most organizations reported performance against compliance requirements and the ability to retain talented staff as important indirect indicators.
Notably, success is often not determined by budget. Organizations with the largest security budgets are not necessarily more secure. While many of the factors Bell identified may require dollar investment as well as time, optimized resource allocation trumps total budget size.
"A highly skilled team with a well-connected cross-enterprise collaborative approach is critical to the success of an enterprise security strategy," said Costa Pantazopoulos, VP Product at Bell. "This is particularly important for cloud security controls, such as configuration management, which can be more challenging to fully automate."
Bell hired professional survey firm Maru Group to conduct a stratified random sample of 402 security professionals working for organizations in Canada. Response targets were set to achieve a balance of respondents representing different industries, provinces, and organization sizes. Quality checks eliminated some responses, leaving a final sample of 383 for this study entitled Achieving Cybersecurity Success in Canada.