Digital resilience for Canadian private companies

16 June, 2023

Umang Handa, Partner, National Cybersecurity Managed Services Leader, PwC Canada
Alvin Madar, Partner, Cybersecurity, Privacy and Financial Crime and National Cybersecurity Leader, PwC Canada

Three steps to enhance cybersecurity amid increasing digitization and the rise of generative AI

Cybersecurity threats are clearly on the agenda of many of Canada’s private companies. According to our 26th CEO Survey, 45% of Canadian private company respondents are looking to increase investments in cybersecurity and data privacy to help manage exposure to geopolitical risks.

Private companies may not be the obvious focus of geopolitically linked cyberattacks, but the reality is no one, not even smaller and mid-sized businesses, is immune to threat actors who are constantly looking for the easiest and fastest target to exploit. And as we found in our recent Canadian Threat Intelligence report, other threats continue to emerge and evolve, including those related to the rapid growth of generative artificial intelligence tools.

Generative AI technologies haven’t been fully tested for cyberattacks, and given the lack of human oversight they can entail, companies need to make sure they fully understand the risks and how to address them. This means that for private companies looking to use new AI tools, introducing purposeful cybersecurity controls will be critical. As is the case with any move to adopt new technology or digital tools, incorporating the right cybersecurity measures from the start will be key to ensuring the company is resilient as it transforms.

Three steps for enhancing cybersecurity resilience

This complex environment makes it even more important for Canadian private companies to move ahead with the cybersecurity investments they’ve told us they’re planning. But with competing priorities for resources and attention, they’ll need to take a strategic approach focused on the investments that promise the biggest impact while ensuring they have the skills, people and capabilities to operate their cybersecurity program to its full potential.

What does a more strategic approach look like? We suggest the following three steps can help private companies enhance cybersecurity effectiveness and resilience:

Number one

Identify your cyber risks and priorities

A private company is unlikely to have the resources to fully mitigate against every potential threat. This is why the first step is to understand what’s most important to you to protect and identify where that information is within the business. You can then identify the specific risks related to that information and the various dependencies involved and prioritize your cybersecurity controls and investments accordingly.

This step is key to developing a coordinated and tested plan to mitigate your top risks as well as effectively respond to and recover from an incident. As you go through this exercise, it’s useful to incorporate metrics that measure compliance risks, cyber maturity and privacy capabilities and help you track the progress of your cybersecurity program.

As part of this assessment, it’s important to consider the full range of threats, including those related to third parties and from insiders like employees who may—whether intentionally or not—create vulnerabilities. And for organizations moving to the cloud, remember that when migrating applications or infrastructure, you may need to reconfigure the standard security settings as they won’t necessarily give you the level of protection you need.

Number two

Simplify your cyber portfolio

For Canadian private companies that have yet to build a cybersecurity portfolio, now is the time to change that. For those that already have a cybersecurity portfolio, a key step to making the most of investments in new tools is to look at opportunities to simplify your existing set of solutions. While new tools to prevent, detect and respond to attacks can be very powerful, more isn’t necessarily better when building or assessing a cybersecurity portfolio.

Some companies, in fact, have doubled the number of cybersecurity tools they use, which can create its own set of challenges. Too many tools and vendors can add complexity, hold back risk reduction and increase costs.

By rationalizing your cybersecurity stack, you’ll end up with fewer applications that are easier and less expensive to manage. You’ll also gain better visibility into and control of your cybersecurity tools, reduce redundancies and complexity and increase integration while streamlining and improving threat monitoring. For private companies, one possibility is to look at a suite of integrated cybersecurity solutions offered by some of the large technology players that can provide the right level of protection needed by small- and medium-sized businesses.

Number three

 Amplify your cyber capabilities

While having an effective and manageable set of tools is key, so is having the right talent to ensure proper operation of your cybersecurity program. But finding that talent is becoming more challenging, with estimates suggesting millions of cybersecurity roles have been going unfilled. In the meantime, the need for key talent continues to grow as organizations look to increase situational awareness through continuous monitoring, threat detection and response.

Talent pressures are particularly challenging for small- and medium-sized companies given that they’d need several employees to ensure 24-hour daily coverage. For many private companies, this wouldn’t be cost-effective, which is why many are turning to trusted partners to help run their cybersecurity operations. This not only helps manage their cybersecurity budgets but also gives companies access to key skills and insights into emerging threats while ensuring better and lasting outcomes from their investments.

Helping you grow and transform with confidence

It’s promising to see plans by Canadian private companies to invest in cybersecurity this year given the evolving threat landscape. And beyond helping them stay ahead of emerging threats and trends, having strong cybersecurity protections is also important as an enabler of growth and, critically, in mitigating the vulnerabilities their digital transformation initiatives can open up.

For more insights into key cybersecurity issues, including those related to AI, read our latest Canadian Threat Intelligence report. And to discuss how our next generation of cybersecurity managed services can help private companies take a strategic approach to digital resilience, contact us any time.

Our services are scalable and flexible to the needs of private companies, and you can count on our community of solvers to deliver more value through insights into how you can continuously improve your cybersecurity program, further enhance your resilience and reduce long-term costs and risks.


Contact us

Umang Handa

Umang Handa

Partner, National Cybersecurity Managed Services Leader, PwC Canada

Tel: +1 416 815 5208

Alvin Madar

Alvin Madar

Partner, Cybersecurity, Privacy and Financial Crime and National Cybersecurity Leader, PwC Canada

Tel: +1 604 806 7603

Follow PwC Canada