Research suggests that too many Canadian companies have a “new” cybersecurity maturity

If vendor research is representative, many Canadian companies still have a long way to go before being considered a mature cybersecurity organization.

According to a CDW Canada survey, 27% of organizations have “new” security regimes, the lowest of the four categories on the maturity scale created for this survey. ..

Organizations ranked as emerging have a “basic, decentralized” security stack with no manually centralized undocumented security processes, small dedicated security teams, or anyone dedicated to security responsibilities. I have.

By comparison, 43% of Canadian organizations are ranked as medium security, 17% as advanced security, and 12% as major security.

Of each of the four categories, 53% of organizations ranked as mature were medium and large organizations. An additional 28% were SMEs.

The ranking was established from the answers of 555 IT security and risk / compliance experts to questions about the organization. Of the IT security respondents, three-quarters were in supervisor or higher positions. Respondents worked in an organization with at least 15 full-time employees.

This report was the seventh cybersecurity survey of a Canadian company. However, we used a different cybersecurity maturity scoring method than the previous method.

Related Content: A disappointing Canadian survey

Theovan Wyk, Head of Solution Development and Cyber ​​Security at CDW Canada, said most companies expected to be ranked in the middle or middle of maturity.

However, he admitted that he was surprised that some organizations were ranked as having only a new maturity.

Given that cybersecurity is always in the news, it was “higher than I expected,” he said. But for many organizations, cybersecurity is not their business, he said. “This just shows that there is a lot of education to be done to support the security of the organization,” he said.

Asked what it takes to raise an organization to the next level with a cybersecurity maturity score, Van Wyck said “a really, really quick win” was endorsed by the C Suite and the board of directors for the security program. He said he would get it. He said they need to not only understand what cybersecurity means for their organization, but also show all employees that it is an administrative priority.

Second, conduct regular security awareness training programs to help staff understand why it is important. The third is to have a cyber security program that documents the appropriate process. And fourth, resiliency allows organizations to survive and recover from cyberattacks.

Van Wyk said that only 36% of survey respondents said they had fully recovered their data when the organization needed it. Another 40% say they have partially restored their data. 21% say they couldn’t recover the data when needed.

The full report is available here. Registration is required.