BAE Systems Applied Intelligence research unveils “Cyber Conundrum” amongst Canadian businesses

Feb. 27, 2014 - PRLog -- A new international report from BAE Systems Applied Intelligence today reveals a curious combination of confidence and concern amongst Canadian respondents when asked about their attitudes towards cyber security. On the one hand, the research found that of all the countries surveyed, Canadian respondents were the most likely to be confident that their organizations were well equipped to prevent targeted cyber attacks – with 92% of Canadian respondents saying they were confident, compared to 90% in the UK, 87% in the US and 84% in Australia.¹

On the other hand, however, Canadian respondents were least likely to be confident when asked about their Board’s grasp of the cyber threat, with a significant proportion of Canadian respondents (36%) saying they did not believe that their Board of Directors fully understood the risks presented by cyber.

The new research, “Business and the Cyber Threat: the rise of Digital Criminality”, which was conducted in Fall 2013, details business concerns and opinion around cyber and indicates a strong demand from major global companies for greater intelligence on the nature of new cyber threats and a better understanding of business vulnerability. The research found that the majority of Canadian respondents (80%) expected the number of targeted cyber attacks to increase over the next two years. However, of all the countries surveyed, Canadians were least likely to say this number would increase significantly (30% compared to 40% of all respondents).

In another divergence away from the international survey group as a whole, when asked which groups were most likely to mount a targeted cyber attack, Canadian respondents identified hobbyist hackers (60%) as the top ranking threat, compared to 46% internationally. In contrast, each of the other countries ranked organized groups of fraudsters as the chief threat group (55% of respondents internationally), compared to 48% of Canadian respondents.

To investigate further, the research then explored which tools respondents believed would help their Boards to take greater action to prevent cyber attacks. Having case studies from within their sector (advocated by 58% of respondents in Canada) and having a clear understanding of vulnerabilities (52%) were the most popular responses. Canadians were less likely than respondents in the US and UK to have engaged in cyber security initiatives – 38% of Canadian respondents, compared to 52% of US respondents and 43% of UK respondents.

Additional research carried out by BAE Systems Applied Intelligence in the past month quantifies the impact on Canadian businesses following a wave of high-profile cyber attacks in December 2013 and January 2014. The attacks on international businesses, which included banks and retail giants such as Target, led to a significant 54% of Canadian businesses increasing their cyber security budget.

This second wave of research also found that that 77% of Canadian respondents said that their organization had increased their cyber security budget in the previous 12 months and that 54% of Canadian companies regard the threat from cyber attacks as one of their top three business risks, mirroring the recent warning from the World Economic Forum that cyber attacks are among the 5 biggest threats facing the world in 2014.² This suggests that in spite of concerns around board engagement, the majority of Canadian businesses are taking significant steps to respond to the growth of digital criminality.

Martin Sutherland, Managing Director, BAE Systems Applied Intelligence, said:

“The research demonstrates there is a growing attentiveness of the increasing cyber threat, but more work needs to be done to raise awareness levels across Canadian organizations of the unique risks inherent in a coordinated cyber attack. We are now seeing a dangerous combination of organized criminal groups using highly-sophisticated cyber techniques to carry out financial crime on an industrialized scale.”

“As recent high-profile attacks around the world have demonstrated, there is no ‘silver bullet’ and a combination of robust processes, and controls, user awareness and vigilant security operations all have to play a part in protecting the enterprise. In order to adapt to the ever evolving threat landscape, companies will need to develop holistic threat intelligence management programs supported by security platforms that not only provide the raw intelligence data but also the ability to process and analyze large amounts of complicated information as quickly and clearly as possible.”

Further Canadian findings:

·         Cost: Canadians were least likely to have made a financial estimate in the event of a successful cyber attack—42% compared to 48% overall. Twenty-nine percent of Canadian respondents who had made an estimation expected that a successful cyber attack would cost their organization up toCAN$16 million, a further 24% said more than CAN$80 million.

·         Concern: Canadian respondents were more concerned about theft of information that details their strategic plans than any other market (28% compared to an overall response of 21%). When asked what they would be most concerned about in the event of a successful attack, the most common response was loss of customer data (58%), followed by theft of intellectual property (38%) and reputational damage (34%).

·         Confidence: Canadians were the most confident when asked if their company and their sector were well equipped to prevent targeted cyber attacks. The vast majority (92%) were confident in their organization’s ability to prevent targeted attacks compared to 88% overall. A similar majority (90%) were confident in their sector’s ability to prevent attacks versus 78% overall.

·         Crisis Plans: 30% of Canadian organizations surveyed did not have, or were unaware of, crisis plans in the event of a cyber attack on their company. Of those respondents who did have crisis plans, Canadians were the least likely to say these plans were well publicized, 37% compared to 54% overall.

The full report can be found at: http://www.baesystems.com/ai/cyberthreat