Average recovery cost for those attacked more than once per day surpasses $3.7 million.
TORONTO — Canadian companies are cyber attacked in varying degrees of severity more than 450 times per year, with 87% suffering at least one successful breach, says a Scalar Decisions cybersecurity study.
The Toronto-based IT security provider said the survey of 420 Canadian IT and security workers conducted by IDC Canada also showed almost half (46%) of the respondents are not confident in their ability to defend against attacks.
“Many companies are still reporting gaps in their defences despite hiring full-time security staff, which may point to a deficit in the availability of highly skilled IT workers,” said Theo Van Wyk, Scalar’s chief security architect. “The rising number of high-impact breaches coincides with the increasing costs of recovery.”
The study also found:
• Of the companies that suffered a security breach, 47% had sensitive data stolen.
• One-in-five breaches was classified as “high-impact” where sensitive customer or employee information was exposed.
• 36% of respondents are not confident in their company’s ability to respond to security breaches.
• The average company spends $3.7 million in direct and indirect costs to recover from security breaches.
• One-fifth of smaller organizations believe they don’t have enough resources to effectively defend against attacks.
• Firms dedicate about 10% of their IT budgets to security spending.
• A majority of respondents do not train employees to identify attacks, such as phishing scams, or to update software with the latest security measures.
• Almost three-quarters of respondents don’t comprehensively analyze how third-party relationships affect their overall cyber security planning.
All responses were captured in November and December 2017 by IDC Canada through a Canada-wide cross-industry survey. Respondents came from a variety of industries, with more than half representing companies with 250 to 4,999 employees.
Click here to download the study.