cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dcontesti
Community Champion

Canadian companies averaged 25 cybersecurity incidents in past year

According to the most recent EY 2023 Cybersecurity Leadership Insights study, 81% of Canadian companies have averaged  25 Security in the past year....

 

https://www.consulting.ca/news/3761/canadian-companies-averaged-25-cybersecurity-incidents-in-past-y...

 

I have not been able to see the entire report yet but find it hard to believe that 81% of Canadian Companies have had this happen.   

 

If anyone has the study, would you send a link?

 

d

 

1 Reply
denbesten
Community Champion


@dcontesti wrote:

...81% of Canadian companies have averaged  25 Security [incidents] in the past year ... hard to believe ...

Will be interesting to see how EY defined "security incident".  Guessing it did not establish a minimum business loss (time/money).  

 

Two examples of why this matters: A colleague's highly privileged account was used 120 miles from our office. IR team called; the colleague confirmed attended to a break/fix call while visiting that location.

 

And, a few weeks ago, our SIEM flagged a command I ran as an IOC.  IR team calls, confirms it was me, that this fits within my role, and then whitelisted the command for my team.

 

In both cases, something unusual was observed, a incident ticket was created and there was an of investment of time to investigate and resolve. Both tickets show 1 hour and 0 dollars, so they will be included in our workload metrics, but not in the business-facing reports.