https://community.isc2.org/t5/Governance-Risk-Compliance/Canadian-companies-averaged-25-cybersecurity-incidents-in-past/m-p/64338#M991 <P>According to the most recent EY 2023 Cybersecurity Leadership Insights study, 81% of Canadian companies have averaged&nbsp; 25 Security in the past year....</P><P>&nbsp;</P><P><EM><A href="https://www.consulting.ca/news/3761/canadian-companies-averaged-25-cybersecurity-incidents-in-past-year" target="_blank">https://www.consulting.ca/news/3761/canadian-companies-averaged-25-cybersecurity-incidents-in-past-year</A></EM></P><P>&nbsp;</P><P>I have not been able to see the entire report yet but find it hard to believe that 81% of Canadian Companies have had this happen.&nbsp; &nbsp;</P><P>&nbsp;</P><P>If anyone has the study, would you send a link?</P><P>&nbsp;</P><P>d</P><P>&nbsp;</P> Wed, 08 Nov 2023 00:42:16 GMT dcontesti 2023-11-08T00:42:16Z https://community.isc2.org/t5/Governance-Risk-Compliance/Canadian-companies-averaged-25-cybersecurity-incidents-in-past/m-p/64338#M991 <P>According to the most recent EY 2023 Cybersecurity Leadership Insights study, 81% of Canadian companies have averaged&nbsp; 25 Security in the past year....</P><P>&nbsp;</P><P><EM><A href="https://www.consulting.ca/news/3761/canadian-companies-averaged-25-cybersecurity-incidents-in-past-year" target="_blank">https://www.consulting.ca/news/3761/canadian-companies-averaged-25-cybersecurity-incidents-in-past-year</A></EM></P><P>&nbsp;</P><P>I have not been able to see the entire report yet but find it hard to believe that 81% of Canadian Companies have had this happen.&nbsp; &nbsp;</P><P>&nbsp;</P><P>If anyone has the study, would you send a link?</P><P>&nbsp;</P><P>d</P><P>&nbsp;</P> Wed, 08 Nov 2023 00:42:16 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Canadian-companies-averaged-25-cybersecurity-incidents-in-past/m-p/64338#M991 dcontesti 2023-11-08T00:42:16Z https://community.isc2.org/t5/Governance-Risk-Compliance/Canadian-companies-averaged-25-cybersecurity-incidents-in-past/m-p/64355#M994 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/715155969">@dcontesti</a>&nbsp;wrote:<BR /><P>...81% of Canadian companies have averaged&nbsp; 25 Security [incidents] in the past year ... hard to believe ...</P></BLOCKQUOTE><P>Will be interesting to see how EY defined "security incident".&nbsp; Guessing it&nbsp;did not establish a minimum business loss (time/money).&nbsp;&nbsp;</P><P>&nbsp;</P><P>Two examples of why this matters: A colleague's highly privileged account was used 120 miles from our office. IR team called; the colleague confirmed attended to a break/fix call while visiting that location.</P><P>&nbsp;</P><P>And, a few weeks ago, our SIEM flagged a command I ran as an IOC.&nbsp; IR team calls, confirms it was me, that this fits within my role, and then whitelisted the command for my team.</P><P>&nbsp;</P><P>In both cases, something unusual was observed, a incident ticket was created and there was an of investment of time to investigate and resolve. Both tickets show 1 hour and 0 dollars, so they will be included in our workload metrics, but not in the business-facing reports.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 08 Nov 2023 03:26:35 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Canadian-companies-averaged-25-cybersecurity-incidents-in-past/m-p/64355#M994 denbesten 2023-11-08T03:26:35Z