[BreachExchange] Average Canadian company faces $3.7 million in cyber exposure

Inga Goddijn inga at riskbasedsecurity.com
Fri Feb 9 19:17:18 EST 2018


The cost to recover from security breaches in Canada averages $3.7 million
in direct and indirect costs per organization, including network down time,
employee work days, lost files and compromised information, according to a
new survey.

Of that amount, the majority – about $3.5 million – is lost in revenue and
productivity, while $215,080 is spent in direct dollars addressing the

The study, *The Cyber Security Readiness of Canadian Organizations*, said
that the average company finds itself under attack by hackers more than
once a day. Almost nine in 10 (87%) polled organizations suffered at least
one successful breach in the past year, reported 420 people with on-the-job
responsibility for cybersecurity in their organizations.

In Canada alone, cybersecurity breaches cost companies a total of more than
$9.6 billion in recovery in the past year, Scalar Decisions’ chief security
architect, Theo Van Wyk, wrote in a related blog post on Thursday, when the
study was released. The report was done by IDC Canada for Scalar Decisions
<http://www.scalar.ca>. Along with that huge financial hit, these companies
experienced a total of more than 813,000 days of down time and had over
100-million sensitive data records stolen.

Out of the 100-million records stolen, sensitive data was exposed 41% of
the time in 2017. One in five breaches was classified as “high impact”
because sensitive customer or employee information was exposed. Over 60
million of the sensitive data records stolen had data regarding “financials
and product secrets.”

For Canadian organizations, key cybersecurity weaknesses still exist, the
survey found, including:

   - Understanding exposure and vulnerabilities.
   - Security training for employees.
   - Speed of installing security updates and patches.
   - Security incident response planning.

In particular, only 26% of respondents across organization sizes conduct
formal training for employees. Firms also face organizational blind spots
about risk areas, with the top concerns being: exposure to insider threats
from employees or contractors; getting the organization to conduct regular
cybersecurity risk assessments and audits; and inability to identify the
threats that could jeopardize infrastructure and data.