Skip to main content

Are Canadian firms lagging behind with IT security?

This column is part of Globe Careers' Leadership Lab series, where executives and experts share their views and advice about leadership and management. Follow us at @Globe_Careers. Find all Leadership Lab stories at tgam.ca/leadershiplab

Are Canadian companies lagging behind our U.S. counterparts when it comes to strategic information technology spending? I recently had lunch with a friend and that troubling question arose.

My friend works for a multi-national information technology (IT) company. We ended up chatting about some pressing topics in our industry – new cyber threats, government surveillance, large-scale security breaches, among others.

Story continues below advertisement

What was disconcerting was that he mentioned that based on his experience working on both sides of the border, he sees Canadian companies trailing behind our U.S. peers in investments in people, process and tools when it comes to information security.

"Companies in Canada aren't really seeing the need to invest and executives don't understand the risks," he said.

This begs the question: Are we less vulnerable to these kinds of security threats than our U.S. neighbours?

The answer is no. In 2013, Symantec released our annual Norton Report that showed the cost of cybercrime to Canadians was $3-billion for the year, more than twice the cost from the previous year. And while attacks targeting institutions like government agencies and retail giants may seem to be most prevalent and serious given the exposure they receive in the media, the reality is, no organization is immune.

Consider this: Juniper Networks issued a report showing a 614 per cent year-over-year increase in attacks targeting mobile devices. And The SANS Institute, a co-operative research and education organization, reported that 48 per cent of global IT professionals are operating under the assumption that their data has already been comprised.

The reason for the lack of Canadian investment in information technology and security is unclear, but it likely relates to the fact it can be easy to dismiss the potential harm that these kinds of breaches present when the risks are difficult to discern. But this past year, we have seen the impact that complacency can cause, including:

1. Loss of public trust

Story continues below advertisement

Many private and public sector organizations store sensitive company and customer data. Having this information accessed by hackers can result in significant consequences. The obvious repercussions are exposed credit card and banking information; for others, social insurance numbers, and other pertinent financial information.

But consequences of security attacks can go beyond material loss: if your brand is suddenly associated with a lack of security and trust, your organization can take a serious hit outside of the more obvious financial implications. Establishing and protecting this trust is crucial and having a detection and response solution in place to address potential cyber attack can mitigate these intrinsic risks.

2. Financial implications

Yes, there will always be cyber attacks targeting financial assets. It is the fastest way for criminals to immediately profit from their labour. But what about the major financial repercussions your company could suffer during the period of downtime while security breaches are addressed? In February, 2012, The Aberdeen Group, a business intelligence research company, reported that the average cost per hour of service disruption is $181,770 and a typical business disturbance costs more than $417,000.

While the reason for the lack of investment may be unclear, whether Canadian companies are actually investing less in IT security than their U.S. counterparts is not. Last year, AMI Partners, a global strategy and consulting firm, determined that Canadian companies with up to 1,000 employees are spending only roughly 14 per cent of what U.S. companies spend on IT security.

The good news is, not all Canadian industries are satisfied with the status quo; in fact, some are taking their security concerns seriously. A 2013 study from IDC Canada projects that the Canadian banking industry will heavily raise its overall IT investments this year. Government agencies like the Canadian Revenue Agency have also committed to bulk up their security infrastructure in the wake of recent breaches.

Story continues below advertisement

But we can do better. Canada is at the forefront of technology. We have a wealth of IT and engineering talent that is translating into new, innovative solutions in healthcare, emerging technologies, enterprise software and many others. It's time that we're seen as leaders in IT security.

Sean Forkan is the vice-president and general manager of Symantec Canada (@SymantecCanada). Symantec (@Symantec) is a one of the world's largest software companies, helping businesses and consumers protect and manage their information.

Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

Cannabis pro newsletter