Few companies may be ready to handle an attack from criminals lurking in cyberspace, and fewer know about the government’s three-year-old cyber-security efforts, according to a national study.
The study’s authors concluded that results, while only a small snapshot of the millions of businesses big and small in Canada, point to gaps in how companies protect themselves from cybercrime, a finding that could be chalked up to little monetary damage to companies that fall victim to hackers.
The cost of cybercrime to those businesses that fell victim to an attack was low, on average about $14,000 per incident, according to the companies surveyed. Cybercrime victims also reported little effects on their business reputation, according to the study from the International Cyber Security Protection Alliance, a non-profit group based in the U.K.
Experts suggest that financial-effect figures may have to rise dramatically before small- and medium-sized businesses beef up their IT defences, since few appear ready to defend themselves from attackers.
The study released Wednesday found that of the businesses surveyed, about 70 per cent had no procedure in place to deal with a successful hack and only 22 per cent actually looked to identify where they were most vulnerable.
“We don’t have the right alerts and alarms … to tell us what’s wrong,” said Ken Taylor, the group’s North American president.
There was even less awareness of the government’s cyber-security strategy, with about seven per cent of respondents aware of the document that was released in 2010, and about 12 per cent aware of the government’s cybercrime prevention campaigns.
Companies were also three times more likely to turn to a private company than to the government for cybercrime help.
According to the survey, businesses appear to want the government to follow the strategy already being followed: Build awareness of the threats in cyberspace, but leave it to businesses to protect themselves.
However, with no benchmark for what levels of security companies should employ, preparedness is “all over the map,” Taylor said. Government and businesses, he said, need to define what should be done to secure private and public systems.
“Our country has done what other countries in the G20 have done, but that (strategy) is the first stage,” Taylor said in an interview. “There has to be a metric, a benchmark. … This is a shared responsibility.”
Of the 520 businesses surveyed in the national study, 69 per cent reported some kind of digital attack against them in the previous 12 months, with one-quarter saying the attack had “considerable” effects on their business. In total, companies surveyed reported a total of 5,866 attacks against them over the previous 12 months.
The majority of respondents believed senior managers treat cybercrime incidents seriously, but that finding may be a result of reporting bias because the people answering questions were senior managers themselves.
As well, the study found that most companies reported that less than one-fifth of cyber-attacks caused any reputational damage.
The telephone survey of 520 companies across Canada touched on companies in six industries — financial services, airlines and shipping, telecommunications, critical infrastructure, aerospace and defence, and retail — and companies with revenues from under $1 million up to more than $100 million.
The survey was conducted between Nov. 15 and Dec. 15, 2012, and is accurate to within 4.38 percentage points, 19 times out of 20.
The study’s authors concluded that results, while only a small snapshot of the millions of businesses big and small in Canada, point to gaps in how companies protect themselves from cybercrime, a finding that could be chalked up to little monetary damage to companies that fall victim to hackers.
The cost of cybercrime to those businesses that fell victim to an attack was low, on average about $14,000 per incident, according to the companies surveyed. Cybercrime victims also reported little effects on their business reputation, according to the study from the International Cyber Security Protection Alliance, a non-profit group based in the U.K.
Experts suggest that financial-effect figures may have to rise dramatically before small- and medium-sized businesses beef up their IT defences, since few appear ready to defend themselves from attackers.
The study released Wednesday found that of the businesses surveyed, about 70 per cent had no procedure in place to deal with a successful hack and only 22 per cent actually looked to identify where they were most vulnerable.
“We don’t have the right alerts and alarms … to tell us what’s wrong,” said Ken Taylor, the group’s North American president.
There was even less awareness of the government’s cyber-security strategy, with about seven per cent of respondents aware of the document that was released in 2010, and about 12 per cent aware of the government’s cybercrime prevention campaigns.
Companies were also three times more likely to turn to a private company than to the government for cybercrime help.
According to the survey, businesses appear to want the government to follow the strategy already being followed: Build awareness of the threats in cyberspace, but leave it to businesses to protect themselves.
However, with no benchmark for what levels of security companies should employ, preparedness is “all over the map,” Taylor said. Government and businesses, he said, need to define what should be done to secure private and public systems.
“Our country has done what other countries in the G20 have done, but that (strategy) is the first stage,” Taylor said in an interview. “There has to be a metric, a benchmark. … This is a shared responsibility.”
Of the 520 businesses surveyed in the national study, 69 per cent reported some kind of digital attack against them in the previous 12 months, with one-quarter saying the attack had “considerable” effects on their business. In total, companies surveyed reported a total of 5,866 attacks against them over the previous 12 months.
The majority of respondents believed senior managers treat cybercrime incidents seriously, but that finding may be a result of reporting bias because the people answering questions were senior managers themselves.
As well, the study found that most companies reported that less than one-fifth of cyber-attacks caused any reputational damage.
The telephone survey of 520 companies across Canada touched on companies in six industries — financial services, airlines and shipping, telecommunications, critical infrastructure, aerospace and defence, and retail — and companies with revenues from under $1 million up to more than $100 million.
The survey was conducted between Nov. 15 and Dec. 15, 2012, and is accurate to within 4.38 percentage points, 19 times out of 20.
This is definitely one of the best articles I have read in this blog! Thanks Mate.
ReplyDeleteSEO Company in Chennai