Cyber attackers winning security war: study

IT pros see increase in severity, sophistication and frequency of cyber crime.

February 9, 2016   by PLANT STAFF

TORONTO — Only 37% of Canadian organizations believe they’re winning the cyber security war, according to a study by Scalar Decisions Inc. That’s a 4% decrease from a 2015 study.

The information technology integrator based in Toronto cited insufficient numbers of in-house personnel and lack of in-house expertise as the greatest challenges.

The Cyber Security Readiness of Canadian Organizations report also found most respondents believed that cyber security crimes in their organizations are increasing in severity (80%), sophistication (71%) and frequency (70%).

Loss of intellectual property was experienced by 33% of respondents in the last 24 months and 36% believed it caused a loss of competitive advantage.


The average total cost of cyber attacks in the last 12 months was approximately $7 million per organization. But the study found cyber security spending has increased slightly from last year, with an average 11% of the IT budget dedicated to information security (versus 10% in 2015).

Respondents reported an average of 40 cyber attacks per year, a 17% increase over last year’s report; but only 38% indicated their organizations had systems in control to deal with advanced persistent threats.

Overall, the greatest threat to IT networks was reported to be web-borne malware attacks, with 80% pointing to this risk as the most frequent security compromise, followed by rootkits (65%).

The research also identified a subset of the sample that achieved a more effective cyber security posture. Comparing the high performers, representing 53% of the sample, with the low performers, spend 43% more of their IT budget on information security and were more likely to have their cyber security strategy fully aligned with business objectives and mission.

High performers were also 28% more confident that they’re winning the cyber security war.

The survey conducted in October involved 654 respondents from IT and IT security practitioners from a wide variety of industries.

Click here for a copy of the report.


Print this page

Related Stories