A lack of in-house expertise is holding Canadian IT professionals back from protecting their companies’ data, according to new research.
In a new survey conducted by the Ponemon Institute and Scalar Decisions, about 59 per cent of the 623 Canadian IT professionals surveyed said they felt they were having trouble keeping their data from falling into the wrong hands, and that they were not “winning the cybersecurity war.” The main reason was a lack of expertise, but respondents also said they needed more staff, better leadership, and more collaboration between departments in their organizations.
Getting these issues resolved is important – among these respondents, confidence in their IT security wasn’t exactly high. According to the report, on average, organizations in Canada run into 34 attacks a year. While only half of respondents believed there’s been an upswing in the number of attacks mounted each year, 73 per cent said they believed the attacks that do occur are becoming more sophisticated. A solid 79 per cent said attacks were increasing in severity.
While respondents were divided as to whether these attacks cut into their ability to compete, with a three-way tie between “yes,” “no,” and “not sure,” what’s clear is that with weakened data security, there is some kind of impact on their bottom line.
Sixty-five per cent of IT professionals said they relied on a “gut feeling” to tell them whether they’d lost the edge to their competitors, while 46 per cent said they noticed if copied products or activities began to appear on the market.
Beyond just going with a gut feeling, among organizations that have had their intellectual property stolen in the last year, the average cost of the data breach was about $9 million, according to the Ponemon Institute.
However, that doesn’t account for each of the incidents that an organization might encounter each year. For just one incident, an organization might need to pay for things like damage to their IT assets and infrastructure, downtime in their usual activities, lost user productivity, and cleanup and remediation for their customers.
The greatest expense is typically restoring the organization’s reputation among its customers and within the industry, with average spending set at around $76,000 spent on one incident to restore an organization’s image.
With such heavy costs levelled at organizations that suffer from security incidents, it makes sense that IT security practitioners would push for more resources and more money from the annual budget.
And if security professionals need more of a boost to make their case for more resources dedicated to data security, the report points to a correlation between high-performing organizations and security.
High-performing organizations, which are defined as having more awareness about security threats, spending more on their defenses, and regularly mapping out the ROI of their investments in tech, tended to show more confidence in their security measures. They also tended to be more likely to align their security strategy with their business goals.
For the full report, head on over here.