Purchase of cybersecurity solutions and cybersecurity training account for more than 50 per cent of what Canadian businesses allocate to their IT budget, new research by network security solution for businesses Nordlayer found.
For this research, an external agency surveyed, on behalf of Nordlayer, 500 non-governmental organizations between Mar. 15 and 25, 2023, across Canada, the UK and the U.S..
A sufficient budget is key in choosing comprehensive cybersecurity tools and solutions needed to adapt to the rapidly changing threat landscape, the report emphasized.
Canadian companies are combining different measures to bolster security. Most are using antivirus software (72 per cent), while secure passwords (66 per cent) and file encryption (65 per cent) are the second-highest priorities when creating security policies.
Business virtual private networks (VPNs) remain popular in securing organization network connections, with over half of companies using them. Cyber insurance is also gradually making its way to business cybersecurity, although the focus is on coverage for the consequences rather than preventing an attack.
Carlos Salas, a cybersecurity expert at NordLayer, noted that “cybersecurity funds must be distributed wisely to ensure valuable outcomes, prove the chosen security direction effective, and minimize resources’ waste.”
Accordingly, spending on cybersecurity solutions will remain a priority in 2023, but Canadian businesses will also invest in cybersecurity training for employees, and hiring dedicated staff for cybersecurity as well as commissioning external cybersecurity audits.
Only 4 per cent of companies said they don’t plan to invest in cybersecurity in 2023, of which the majority are small companies.
The report, however, notes that size does not make one immune. Smaller businesses across the UK, U.S. and Canada continue to experience identity theft (12 per cent), data breaches (11 per cent), insider threats (2 per cent). and social engineering attacks (5 per cent). But small companies still suffer far fewer cyberattacks than large companies. A walloping 90 per cent of large companies say they experienced cyberattacks last year. But they also demonstrated stability in their security spending, consistently allocating an average of 24 per cent of funds designated to IT or cybersecurity needs in 2022-2023.
Phishing (42 per cent) was the most prominent cyber attack in Canada last year, followed by malware (33 per cent), and 27 per cent reported data breaches.
Interestingly, ransomware attacks that broke the most headlines recently were the least prominent globally. This demonstrates, the report says, the dynamic and unpredictable nature of the cybersecurity landscape. And the frequency of cyber incidents doesn’t necessarily indicate the scale of damage inflicted.
Canadian companies say they experienced financial losses from cyberattacks ranging from C$5000 to over C$10,000. Numbers could be much higher, as 15 per cent of companies could not disclose how much they lost due to cyber incidents, the report noted.
The report also offers some best practices for developing cybersecurity budgets:
Be aware of cybersecurity challenges and the vulnerability of their business to cyber threats.
Understand what security risks, threats, and scenarios your business is most exposed to
Investigate how the company’s budgets are allocated to different needs
Review your security strategy, see what needs improvement, identify gaps to be addressed
Plan a cybersecurity strategy, explore tools, training, outsourced services, backup plans for threat scenarios
Select solutions and tools that best suit your case
Review and adapt to business needs
Make cybersecurity an ongoing process.
The post Purchase of cybersecurity solutions the most popular IT investment among Canadian companies: Nordlayer first appeared on IT World Canada.