Fewer restrictions, evolving cyber threats and new legislation make 2022 a critical year for cybersecurity
The transformation in how we work—whether in-office, virtual or hybrid—has had a profound impact on how businesses and organizations protect themselves from cyber threats and secure personal data. The proliferation of cybersecurity tools, including artificial intelligence (AI) and cloud computing, has resulted in a constantly evolving threat landscape where new malicious actors and novel tactics are seen almost daily. The 2022 CIRA Cybersecurity Survey unpacks how Canada’s cybersecurity professionals are managing these threats and provides insight into the solutions they employ to keep their data, networks and users safe.
Through this report, cybersecurity professionals have indicated just how much their responsibilities have changed over the last year in the face of these mounting threats. Accordingly, 96 per cent of organizations indicate that they conduct mandatory cybersecurity awareness training for at least some employees. This is a notable increase since the start of the pandemic when only 87 per cent conducted such training.
A trend that was both unexpected and encouraging saw 63 per cent of respondents indicate that data sovereignty—the principle of ensuring user data and traffic stays in Canada—was a major consideration for cybersecurity professionals when seeking cybersecurity vendors, beating out price as a factor.
Of course, government plays a significant role in helping protect Canadians online—both through legislation and programs that enhance the cybersecurity landscape. Bill C-27, The Digital Charter Implementation Act—which could have a significant impact on how user data is protected and stored—is currently making its way through Parliament. However, only 55 per cent of cybersecurity professionals were aware of the bill. Notably, nearly six-in-ten (59 per cent) of those who were aware of the bill stated that they were concerned about how it could affect their organization. This highlights the need for more government outreach on this pending legislation, explaining its impact on Canadian organizations of all sizes.
No network is 100 per cent secure, so, to protect against the threats that do get through, it is important that organizations have a cyber response plan. This year’s survey found that 82 per cent of organizations have a plan in place to respond to a cyber attack. The importance of having a plan cannot be understated, as developing one in the middle of an attack is less than ideal, and we know that six-in-ten Canadian organizations have been required to deploy their response plan in the face of an active threat.
A telltale sign of an evolving risk to business is the reaction of the insurance industry. Insurance companies in Canada have been ahead of the cyber threat curve which can be seen in the gradual increase of cybersecurity policies. While still an emerging trend, the number of organizations with cybersecurity insurance increased to 15 per cent in 2022. This is a trend we only expect to gain momentum in the coming years.
Over the coming weeks, we will be breaking down the results of the 2022 CIRA Cybersecurity Survey into a series of blog posts (which you can find in this section below), each covering a key insight in greater detail. It is our hope that cybersecurity professionals can gain some insight from our data that will inform their understanding of the threat landscape in Canada.