Highlights of the 2015 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2015. The full report can be downloaded at: http://hubs.ly/y0tFbr0

1. THE CYBER
SECURITY
READINESS
OF CANADIAN
ORGANIZATIONS
Results of the 2015 Scalar Security Study
Research independently conducted by Ponemon Institute
Published February 2015
www.scalar.ca

2. WE WANTED TO KNOW:
o HOW PREPARED DO CANADIAN ORGANIZATIONS FEEL TO
RESPOND TO CYBER SECURITY ATTACKS?
o WHAT IS THE AVERAGE COST OF ATTACKS ON CANADIAN
ORGANIZATIONS?
o WHAT STRATEGIES AND TECHNOLOGIES ARE MOST
EFFECTIVE IN COMBATTING SECURITY ATTACKS?
o WHICH ORGANIZATIONS ARE MOST PREPARED TO DEAL
WITH AN ATTACK, AND HOW DO THEY DIFFER FROM
ORGANIZATIONS WHICH ARE UNPREPARED?

3. WE RECEIVED RESPONSES FROM OVER 600 IT
AND IT SECURITY PRACTITIONERS, FROM A
VARIETY OF INDUSTRIES, WITH OVER HALF
COMING FROM ORGANIZATIONS WITH AN
EMPLOYEE COUNT BETWEEN
250 AND 5,000

4. KEY
FINDINGS

5. ONLY
41 %
OF RESPONDENTS
BELIEVE THEY
ARE WINNING
THE CYBER SECURITY
WAR

6. CHALLENGES TO ACHIEVING
CYBER SECURITY EFFECTIVENESS:
o LACK OF IN-HOUSE EXPERTISE
o LACK OF COLLABORATION WITH OTHER
FUNCTIONS
o INSUFFICIENT PERSONNEL
o LACK OF CLEAR LEADERSHIP
o INSUFFICIENT BUDGET

7. ORGANIZATIONS
IN CANADA
EXPERIENCE
AN AVERAGE OF
CYBER ATTACKS
PER YEAR
34

8. 46%
OF RESPONDENTS
EXPERIENCED AN
ATTACK IN THE LAST
12 MONTHS WHICH
LED TO THE LOSS
OR EXPOSURE OF
SENSITIVE
INFORMATION

9. EACH INCIDENT COSTS AN AVERAGE OF
$208, 432 IN
$19,883
$29,035
$38,310
$45,177
$76,087
DAMAGE
TO
REPUTATION
AND
MARKETPLACE
IMAGE
DAMAGE
OR
THEFT
OF
IT
ASSETS
AND
INFRASTRUCTURE
DISRUPTION
TO
NORMAL
OPERATIONS
LOST
USER
PRODUCTIVITY
CLEANUP
OR
REMEDIATION

10. HOWEVER,
IT’S NOT ALL BAD NEWS.
OUR RESEARCH FOUND THAT
ORGANIZATIONS CAN TAKE
DEFINITIVE STEPS TO ACHIEVE A
STRONGER SECURITY POSTURE…

11. OUR RESEARCH IDENTIFIED A SUBSET OF THE
SAMPLE THAT SELF-REPORTED THEY HAD
ACHIEVED A MORE EFFECTIVE CYBER SECURITY
POSTURE (THEY RATED THEMSELVES AS 7 OR
HIGHER ON A 1-10 SCALE OF CYBER SECURITY
EFFECTIVENESS). THIS “HIGH-PERFORMING”
GROUP REPRESENTED 48 PERCENT OF THE
SAMPLE, AND WE COMPARED THEIR
BEHAVIOURS WITH THE REMAINING 52
PERCENT OF THE SAMPLE, THE “LOW
PERFORMERS”…

12. HIGH-PERFORMING ORGANIZATIONS:
o ARE MORE AWARE OF THE THREAT
LANDSCAPE
o HAVE A HIGHER PERCENTAGE OF THEIR
IT BUDGET DEDICATED TO SECURITY
o INVEST IN CUTTING EDGE
TECHNOLOGIES
o MEASURE THE ROI OF THOSE
TECHNOLOGIES
o AND HAVE A SECURITY STRATEGY THAT
IS ALIGNED WITH THEIR BUSINESS
OBJECTIVES AND MISSION

13. THESE HIGH
PERFORMING
ORGANIZATIONS ARE
28%LESS
LIKELY THAN LOW-
PERFORMERS TO HAVE
EXPERIENCED
AN ATTACK IN THE LAST YEAR
THAT INVOLVED THE LOSS
OR EXPOSURE OF SENSITIVE
INFORMATION

14. SOME OF THE SECURITY
TECHNOLOGIES SHOWING THE
HIGHEST ROI:
25%
26%
29%
44%
38%
43%
35%
41%
42%
48%
53%
58%
ENDPOINT
SECURITY
SOLUTIONS
NEXT-­‐GENERATION
FIREWALLS
ENCRYPTION
FOR
DATA
AT
REST
NETWORK
TRAFFIC
SURVEILLANCE
IDENTITY
MANAGEMENT
&
AUTHENTICATION
SECURITY
INFORMATION
AND
EVENT
MANAGEMENT
(SIEM)
HIGH
PERFORMING
COMPANY
LOW
PERFORMING
COMPANY

15. THE PRACTICES OF HIGH-
PERFORMING ORGANIZATIONS
PROVIDE GUIDANCE ON HOW
ORGANIZATIONS CAN IMPROVE
THEIR CYBER SECURITY
EFFECTIVENESS…

16. PREPARE
BE MORE AWARE OF THREATS AND
ALIGN YOUR SECURITY STRATEGY
WITH BUSINESS OBJECTIVES AND
MISSION. INVEST IN A SECURITY AUDIT
TO HELP YOU DO SO.
DEFEND
ALLOCATE MORE OF YOUR BUDGET TO
IT SECURITY, AND INVEST IN
CUTTING-EDGE TECHNOLOGIES WITH
HIGH ROI. PROACTIVELY RECRUIT
EXPERTS TO JOIN YOUR
CYBERSECURITY TEAM.
RESPOND
LEVERAGE TECHNOLOGIES, PEOPLE,
AND PROCESS TO QUICKLY CONTAIN
THREATS AS THEY ARISE, AND
CONDUCT REGULAR ANALYSIS TO
IDENTIFY AREAS FOR IMPROVEMENT.

17. DOWNLOAD THE COMPLETE STUDY
http://hubs.ly/y0tFbr0