Canadian Organizations Would Not Spot Major Cyberattacks Says EY Study

Published: February 15, 2017

Updated: July 24, 2018

Author: Luke Jones



The preparedness of Canadian companies to deal with cyberattacks continues to be a problem, according to a new study. EY’s Global Information Security Survey finds that only 43% of Canadian companies would be able to spot a “significant cybersecurity incident”.

This figure means Canadian organizations are behind global companies, with the survey showing 50% of worldwide businesses could spot such an event. EY’s major study included 1,735 participants from global companies from over 20 industries, such as insurance (7%) and banking (20%). Included in the study were respondents from the Americas (38 percent).

EY is a global assurance, tax, transaction and advisory services company that considers key market trends. Cybersecurity has become a major problem for organizations big and small. Attacks are frequent and can be hugely costly for companies to deal with.

Focusing on Canada, the survey finds that most (98%) organizations feel that their cybersecurity measures are not up to the necessary levels the company needs for protection. Also, 94% admit to not evaluating the financial cost major cybersecurity breaches would cost.

Other Canadian findings included:

  • 61% of respondents have had a recent significant cybersecurity incident;
  • 60% said that control or process failures led to their most significant cyber breach;
  • 57% are unlikely to detect a sophisticated cyberattack;
  • 52% of organizations rated business continuity management their joint top priority, alongside data leakage and data loss prevention; and
  • 43% identified lack of skilled resources as one of the top obstacles to Internet of Things (IoT) adoption.

“Organizations have stepped up their cyber efforts in the last few years, but these results still point to a gap,” said Abhay Raman, EY’s Canadian cybersecurity leader, in the release. “Creating a robust cybersecurity program is a long, focused process, and many companies haven’t taken that step. That’s why 72% of our survey’s respondents said they need up to 50% more budget for their cyber needs.”

A lack of awareness by companies and employees was the primary reason for major breaches, according to EY:

“This weakness is primarily exploited through phishing, where company employees engage with malicious emails disguised as authentic,” EY explained. “In the process, they unknowingly let the attackers access internal systems.”

Insurance companies are included in the study and are as at risk and unaware of the consequences as any other industry. However, cybersecurity is also a growth area for insurance companies. Increasingly, companies are seeking coverage to protect them from attacks. Insurers are creating insurance solutions to provide policies in the cyber market.