Site Search

Loading Results

Are you securing against the most important risks today and tomorrow?

Only one in three Canadian organizations uses data and intelligence when making decisions. Those with the best cybersecurity outcomes globally over the past two years are 18x more likely to say data and intel are integral to their operating model.

Size up your risks—using data and intel—to realize opportunities

Chances are good that neither you nor your competitors are letting data inform your cyber risk management.

Fewer than two in five Canadian survey respondents (one in three globally) say they’ve integrated analytics and security intelligence tools into their cyber operating model.

These Canadian respondents scored lowest in their ability to turn data into insights for threat modelling, scenario building and predictive analysis—all critical technologies for smart cybersecurity decisions.

So many entities fail to benefit from today’s advanced intelligence tools and approaches. New types of internal data, data from new external sources, new data partnerships and information-sharing platforms can be important sources of security intelligence, but only about a quarter of respondents say they’re reaping benefits from these tools.

The other three-quarters are missing out. Businesses predicting an increase next year in their cybersecurity spending are in many cases the same enterprises whose operational models use security intelligence and data analytics. Data can not only help you spend your cyber budget wisely, but it can also help you get more to work with. The most improved (top 10% in cyber outcomes) global organizations are 18x more likely to state that these advanced approaches are integral to their operating model—a scenario we frequently see in Canada as well.


Executives underutilize data and intel for better decisions and risk management.


Canada
Global

Percentage who say these are integral to their operating model today:

Real-time threat intelligence
%
%
Cyber risk quantification, using FAIR or other methods
%
%
Use of generally accepted standards and frameworks in assessment and diagnostic tools
%
%
Policy and regulatory strategic intelligence platform
%
%
Common industry metrics and dashboards
%
%
Autonomous threat detection, including cognitive security
%
%
Threat modeling, scenario building and predictive analysis
%
%

Percentage who report realizing benefits from these tools and approaches:

New types of internal data we’ve not traditionally used
%
%
New data partnerships to complement and enrich our first-party data sources
%
%
Information sharing platforms with industry
%
%
Information sharing platforms with government agencies
%
%
New external sources of information we’ve not traditionally used
%
%

Questions: To what extent does your organization use the following tools and approaches when making decisions about cyber investments and responding to cyber risk? What best describes your organization's plans for using the following tools and approaches for better operational intelligence?
Base: 114 Canadian respondents; 3,602 global respondents
Source: PwC, 2022 Global Digital Trust Insights, October 2021

“In today’s system-of-systems world, cybersecurity can no longer be treated as a ‘too-hard-to-measure’ problem”

“In today’s system-of-systems world, cybersecurity can no longer be treated as a ‘too-hard-to-measure’ problem,” the US Cybersecurity & Infrastructure Security Agency argues. Still, as we saw above, only 30% of Canadian organizations quantify cyber risks today (26% globally).

The data you use to spot and understand threats, put a dollar figure on risks and prioritize them and predict cybercrime trends can be a powerful tool for convincing boards and the CEO to invest in your cyber program. On the other hand, if you’re having trouble getting the funding you need for cyber, you may need to do a better job of quantifying your cybersecurity risk.

By the same token, data can help you stay apprised of real-time risks and adjust security tactics and strategies as the business shifts. Globally, respondents in five business sectors said the most important reason to quantify cyber risk is “to continuously evaluate our risk landscape and priorities against changing business objectives.” Enterprise leaders recognize that risks are always in a state of flux and that data is the tool that lets them monitor and measure changes.

Sizing up risks is also important for sizing up opportunities and linking cyber-threat narratives to business narratives that the C-suite and boards can understand. A growing number of Canadian organizations recognize the importance of cybersecurity to business—but many still have a long way to go. Between 33% and 49% claim “significant progress” linking the two (37% and 42% globally), while 9% to 16% say they’ve made little or no progress aligning cyber and business goals (16% to 18% globally).


Executives want to size up cyber risks in continually changing risk landscape

Canadian rank Global rank
To help evaluate and communicate risks in line with a defined risk tolerance 1 3
To provide information on the return on security investments 2 9
To measure the contribution of our security capabilities to risk mitigation 3 4
To identify and justify improvements to, or transformation in, protective capabilities 4 2
To continuously evaluate our risk landscape and priorities against changing business objectives 7 1

Question: What are your organization’s most important reasons to quantify cyber risk?
Base: 114 Canadian respondents; 3,602 global respondents
Source: PwC, 2022 Global Digital Trust Insights, October 2021

The 2022 threat outlook

Our Canadian respondents do make predictions about the next 12 months. Seventy percent expect an increase in cybercrime (60% globally), and 55% say nation-state attacks are likely to grow (53% globally). Mobile, the Internet of Things and cloud top the list of anticipated targets. But the type of attack could take almost any form, in our respondents’ minds.

Ransomware (23% in Canada; 21% globally) narrowly edged out compromised business email (22% in Canada; 20% globally), cloud service attacks (22% in Canada and globally) and disinformation (22% in Canada; 19% globally) as most likely to see significant increases. And a long line of other attack types scored between 10% and 21%. Notably, 54% expect a rise in breaches via their software supply chain (56% globally), with 19% of Canadian and global respondents eyeing significant increases.


The 2022 threat outlook: Executives expect a surge in attacks and reportable incidents

Increase significantly Canada Global Increase Increase significantly Increase Reportable incidents 23% 38% 21% 36% Ransomware Attack on cloud services Disinformation Business email compromise Attack on hardware supply chain State-sponsored attack on critical infrastructure Attack on software supply chain Malware via software update Cryptomining Foreign influence in research and development 22% 37% 22% 36% 22% 37% 19% 33% 22% 33% 20% 35% 21% 34% 16% 34% 21% 29% 20% 33% 19% 34% 19% 36% 18% 43% 20% 36% 17% 39% 21% 33% 10% 46% 19% 34%
Threats via vectors Mobile Internet of Things Cloud service provider Third party Social engineering 25% 43% 27% 38% 24% 39% 26% 39% 24% 38% 23% 38% 20% 34% 19% 36% 13% 44% 23% 37%
Threats via actors Cyber criminals Current employee Third party or contractor Hacktivist/hacker Competitor Nation states Past employee 32% 39% 25% 35% 22% 32% 18% 30% 20% 31% 18% 33% 18% 40% 22% 36% 18% 32% 17% 33% 15% 40% 19% 34% 15% 33% 16% 26%

Questions: How do you expect a change in reportable incidents for these events in your organization? How do you expect threats via these vectors/actors to change in 2022 compared to 2021?
Base: 114 Canadian respondents; 3,602 global respondents
Source: PwC, 2022 Global Digital Trust Insights, October 2021
Takeaways

For the CFO and CRO

  • Work with the CISO in taking a quantified and risk-based approach to cyber budgeting that ties to business objectives.

For the CISO

  • Create a roadmap from cyber risk quantification to real-time cyber risk reporting.
  • Don’t stop at cyber risks. Tie the cyber risks to overall enterprise risks and, ultimately, to effects on the business.
  • With a fuller accounting of cyber risks, identify what works in your business model and where you might need to simplify.

Explore the 2022 Canadian Digital Trust Insights

How can CEOs make a difference to your organization? Is your organization too complex to secure? How well do you know the risks posed by your third parties and supply chain? 2022 Canadian Digital Trust Insights

Download the full report

Register to download the full 2022 Global Digital Trust Insights

Related content

Contact us

Naren Kalyanaraman

Naren Kalyanaraman

Partner, Cybersecurity, Privacy and Financial Crime National Leader, PwC Canada

Tel: +1 416 815 5306

Linkedin Follow Email
Alvin Madar

Alvin Madar

Partner, Cybersecurity, Privacy and Financial Crime and National Cybersecurity Leader, PwC Canada

Tel: +1 604 806 7603

Linkedin Follow Email
Follow PwC Canada

Contact us

Jennifer Johnson

Jennifer Johnson

Strategy & Transformation Leader, PwC Canada

Tel: +1 416 947 8966

Linkedin Follow X Follow Email
Sajith Nair

Sajith Nair

Managed Services Leader, PwC Canada

Linkedin Follow Email
Hide
Today's issues Top issues Acquisitions and Divestitures Building trust for today and tomorrow Compliance. Transformed. Crisis Cybersecurity, Privacy and Financial Crime Environmental, social and governance (ESG) Fit for Growth Future of finance Generative AI Workforce of the future
Insights All Insights Blogs CEO survey Cloud Technology Insights Director connect Generative AI Hub Podcasts Risk and Regulatory Hub Smart cities Strategy& strategy+business
Industries Industries Asset management Automotive Banking & capital markets Cannabis Consumer markets Energy Entertainment and media Financial services Government and Public Services Healthcare Industrial manufacturing Insurance Mining Power & utilities Private equity Real estate Technology sector Telecommunications innovation Transportation and logistics
Services Services Accounting Advisory Services Alliances Audit and Assurance Consulting Crisis and resilience Current Insolvency Assignments Data and analytics Deals Forensic Services Japanese Business Network Legal Managed Services Products PwC Private Risk Assurance Risk Modelling Services Tax Transformation and investment management
About us About Us 2023 new partners Board of directors Alumni Contact us Corporate responsibility Ethics and Code of Conduct Inclusion and diversity Our Canadian leadership team Our history Our offices locations Our people Our purpose, vision and values Press releases Procurement at PwC The New Equation Women in Leadership
Careers Careers Explore our business areas Student and new graduate opportunities Life at PwC Canada Benefits, flexibility and wellness Talent Community

© 2018 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.