Too many Canadian firms have ’emerging’ cybersecurity maturity, survey suggests
Many Canadian companies still have a long way to go to be considered a mature cybersecurity organization, if a study for a vendor is representative.
Twenty-seven percent of organizations would describe themselves as an “emerging” safety stance, says the CDW Canada study, which is the lowest of the four categories on a maturity scale created for the study.
Organizations classified as emerging have intensive, manually documented and poorly documented security processes, a small dedicated security team (or no one dedicated with security responsibilities), and an “elemental and decentralized” security stack.
In comparison, 43% of Canadian organizations would have an intermediate security position, 17% as an advanced security position, and 12% as a leading security position.
Within each of the four categories, 53% of those classified as only an emerging maturity were medium and large organizations. Another 28% were small businesses.
The rankings were established based on the responses of 555 computer security and risk / compliance professionals to questions about their organizations. Of the computer security respondents, three-quarters held positions of supervisor or superior. Respondents worked in organizations with at least 15 full-time employees.
The report was the seventh cybersecurity study of Canadian companies. However, it used a different cybersecurity maturity scoring method than the previous ones.
Related Content: A Disappointing Canadian Survey
Theo van Wyk, head of solutions development and cybersecurity at CDW Canada, said he predicted that most companies would be in the middle or middle rankings for maturity, and they were.
But he admitted to being surprised at how many organizations would be classified as just an emerging maturity.
It was “higher than I expected,” he said, noting that cybersecurity is always in the news. But for many organizations, he said, cybersecurity is not their business. “It just shows that there is a lot of education to be done to help organizations safely,” he said.
When asked what it will take to raise an organization’s level in the cybersecurity maturity score, van Wyk said a “very, very quick gain” would be to gain acceptance of a cybersecurity program. suite and board of directors. Not only must they understand what cybersecurity means to their organization, he said, but they must also show all employees that it is a management priority.
The second is to have a regular safety awareness training program so that staff understand why it is important. The third is to have a cybersecurity program that documents the right processes, he said. And the fourth is to have resilience, so that the organization can survive and recover from a cyberattack.
Van Wyk noted that only 36 percent of respondents said their organization had fully recovered the data when needed. Another 40% said they had partially restored the data. 21% said they could not restore any data when they had to.
The full report is available here. You need to register.