This column is part of Globe Careers' Leadership Lab series, where executives and experts share their views and advice about leadership and management. Follow us at @Globe_Careers. Find all Leadership Lab stories at tgam.ca/leadershiplab
Are Canadian companies lagging behind our U.S. counterparts when it comes to strategic information technology spending? I recently had lunch with a friend and that troubling question arose.
My friend works for a multi-national information technology (IT) company. We ended up chatting about some pressing topics in our industry – new cyber threats, government surveillance, large-scale security breaches, among others.
What was disconcerting was that he mentioned that based on his experience working on both sides of the border, he sees Canadian companies trailing behind our U.S. peers in investments in people, process and tools when it comes to information security.
"Companies in Canada aren't really seeing the need to invest and executives don't understand the risks," he said.
This begs the question: Are we less vulnerable to these kinds of security threats than our U.S. neighbours?
The answer is no. In 2013, Symantec released our annual Norton Report that showed the cost of cybercrime to Canadians was $3-billion for the year, more than twice the cost from the previous year. And while attacks targeting institutions like government agencies and retail giants may seem to be most prevalent and serious given the exposure they receive in the media, the reality is, no organization is immune.
Consider this: Juniper Networks issued a report showing a 614 per cent year-over-year increase in attacks targeting mobile devices. And The SANS Institute, a co-operative research and education organization, reported that 48 per cent of global IT professionals are operating under the assumption that their data has already been comprised.
The reason for the lack of Canadian investment in information technology and security is unclear, but it likely relates to the fact it can be easy to dismiss the potential harm that these kinds of breaches present when the risks are difficult to discern. But this past year, we have seen the impact that complacency can cause, including:
1. Loss of public trust
Many private and public sector organizations store sensitive company and customer data. Having this information accessed by hackers can result in significant consequences. The obvious repercussions are exposed credit card and banking information; for others, social insurance numbers, and other pertinent financial information.
But consequences of security attacks can go beyond material loss: if your brand is suddenly associated with a lack of security and trust, your organization can take a serious hit outside of the more obvious financial implications. Establishing and protecting this trust is crucial and having a detection and response solution in place to address potential cyber attack can mitigate these intrinsic risks.
2. Financial implications
Yes, there will always be cyber attacks targeting financial assets. It is the fastest way for criminals to immediately profit from their labour. But what about the major financial repercussions your company could suffer during the period of downtime while security breaches are addressed? In February, 2012, The Aberdeen Group, a business intelligence research company, reported that the average cost per hour of service disruption is $181,770 and a typical business disturbance costs more than $417,000.
While the reason for the lack of investment may be unclear, whether Canadian companies are actually investing less in IT security than their U.S. counterparts is not. Last year, AMI Partners, a global strategy and consulting firm, determined that Canadian companies with up to 1,000 employees are spending only roughly 14 per cent of what U.S. companies spend on IT security.
The good news is, not all Canadian industries are satisfied with the status quo; in fact, some are taking their security concerns seriously. A 2013 study from IDC Canada projects that the Canadian banking industry will heavily raise its overall IT investments this year. Government agencies like the Canadian Revenue Agency have also committed to bulk up their security infrastructure in the wake of recent breaches.
But we can do better. Canada is at the forefront of technology. We have a wealth of IT and engineering talent that is translating into new, innovative solutions in healthcare, emerging technologies, enterprise software and many others. It's time that we're seen as leaders in IT security.
Sean Forkan is the vice-president and general manager of Symantec Canada (@SymantecCanada). Symantec (@Symantec) is a one of the world's largest software companies, helping businesses and consumers protect and manage their information.