CIRA publishes an annual survey of Canadian IT and cybersecurity professionals to better understand how they are coping with cyber threats. The survey of 500 cybersecurity professionals across the country was conducted by research firm The Strategic Counsel in August. This is the last blog post in a series of four documenting 2024 cybersecurity trends.
It may be a well-worn adage, but it’s true: cybersecurity is a team sport. No matter how well equipped you are to fend off the latest cyber threats, when the unthinkable happens and your organization is hit with an attack, you can’t go it alone. You need a support network of knowledgeable partners you can lean on, a community of trust that will help you accelerate your recovery and limit the damage to your operations, your data, and the people you serve.
Ongoing collaboration on cybersecurity is vitally important in the current threat environment, as cybersecurity professionals from Canadian organizations large and small continue to lose sleep thinking about the fallout from the rising tide of cyber attacks.
According to our 2024 CIRA Cybersecurity Survey results, 44 per cent of organizations across the private, public and MUSH (municipalities, universities, school boards, and hospitals) sectors report being the victim of a cybersecurity incident in the last 12 months. Over one-quarter (28 per cent) indicate that their organization has been a victim of a successful ransomware attack in the last 12 months, up sharply from 17 per cent in 2021. Among this group, nearly three quarters (73 per cent) indicate that data was exfiltrated by hackers. Whenever you’re hit by a major incident like these, some degree of operational disruption, lost productivity, lost revenue, or reputational damage is inevitable.
Partner up to maximize your protection against cyber crime
At CIRA, we believe that meaningful and effective cybersecurity measures require governments, industry leaders, civil society, and individuals to all play an active role. It doesn’t matter what you do or what sector you’re in, when it comes to cybersecurity, strong relationships are essential for fighting back against cyber criminals.
Fortunately, many Canadian organizations share this view. The results of the 2024 CIRA Cybersecurity Survey show that just over half of Canadian organizations overall (54 per cent) report being part of a group or partnership aimed at improving cybersecurity. For MUSH sector organizations, collaborative partnerships are especially helpful, given the opportunity for resource sharing. This is especially important because MUSH sector (55 per cent) organizations reported more cyber-attacks than their private sector (41 per cent) counterparts.
According to the survey results, the ongoing management of cybersecurity is handled internally in just over half of organizations (52 per cent), but outsourcing is not uncommon. When a major cyber incident occurs, however, most organizations look externally for assistance. Almost seven in 10 organizations (68 per cent) report seeking external help with responding to and recovering from a variety of cyber incidents in the last 12 months, up from 61 per cent in 2023. The largest share of organizations (57 per cent) turned to a cybersecurity firm or consultancy for assistance after an attack, followed by government agencies with cybersecurity expertise (39 per cent), and law enforcement (35 per cent).
Survey participants rate public sector partnerships highly
Cybersecurity professionals also see significant value in their relationships with public sector partners. About half rate the level of support from law enforcement agencies, federal government, and provincial government as excellent or good for organizations taking actions to prepare against cyber threats.
Additionally, survey participants expressed broad support (77 per cent) for the objectives of Bill C-26, introduced by the federal government in 2022 to increase baseline levels of cybersecurity in critical infrastructure sectors, including telecommunications, finance, energy, and transportation.
Cyber risk insurance provides an additional layer of protection
Canadian organizations are increasingly looking to their insurance companies for an additional layer of protection from the damaging impacts of cyber attacks. More than eight in 10 organizations (82 per cent) report having cyber risk insurance coverage, up over time from 59 per cent in 2021.
The survey results also show that cyber risk insurance continues to evolve. More than eight in 10 organizations (82 percent) say their providers have made a variety of changes to their coverage in response to the rapidly changing cyber threat landscape in Canada. These include a requirement to verify the security measures organizations have in place (39 per cent), increased premiums (38 per cent), changed eligibility criteria for obtaining and renewing coverage (37 per cent), and a reduction in the amounts reimbursed to policy holders that experience ransomware attacks (30 per cent).
Contracts with third-party vendors are also seeing significant changes. Seven in 10 cybersecurity professionals say that cybersecurity measures or audit controls are now common requirements in these contracts, up over time from 56 per cent in 2021.
Partner with us: How CIRA can help you reach your cybersecurity goals
Eric is a Product Marketing Manager with CIRA Cybersecurity Services. His background in digital marketing has led him to appreciate the vital role data plays for Canadian organizations and individuals, and the need to keep it safe. Eric has an MBA in International Business from Sup de Co La Rochelle.
