Global State of Information Security® Survey 2018

Strengthening digital society against cyber shocks: How prepared are Canadian organizations?

Across the globe, organizations are racing to implement new technologies, using data to innovate and provide value in an increasingly interconnected world. But to thrive in the digital world, organizations must recognize and protect themselves from the constantly evolving cyber threat landscape and build resilience to cyber shocks—large-scale events with disruptive consequences.

Our Global State of Information Security® Survey 2018 reveals that organizations are struggling to comprehend and manage emerging cyber risks in today’s complex digital society. Our findings are based on interviews with 9,500 business and technology executives from 122 countries, including 296 Canadian respondents. Explore the Canadian insights below.

“Industry and government leaders must work across organizational, sectoral and national borders on digital interconnectivity risks to achieve greater cyber risk resiliency and build trust in digital society.”

Sajith NairCybersecurity & Privacy Leader at PwC Canada

Business leaders see new risks tied to emerging technologies

Business leaders are becoming more aware of new risks associated with emerging technologies. As a result, security budgets have increased by 73% on average in Canada. But just over half of the Canadian respondents (52%) say their corporate boards actively participate in their organization’s overall security strategy. Senior leaders driving the business must take ownership of building cyber risk resilience and integrate it into business operations.

A company’s cyber risk management strategy should be informed by a solid understanding of the cyber threats facing the organization—and awareness of which key assets need the greatest protection. There should be a coherent cyber risk appetite framework for decision making and to drive a cyber risk management culture.

Organizations need to dig deeper to uncover cyber risks

Despite an increasing awareness of disruptive cyber risks, organizations are unprepared to deal with them. Most of the Canadian respondents don’t actively examine their defences—and only half run drills at least annually for cyber attacks. Failure to prepare is preparing to fail.

In addition, failure of one organization could have a domino effect on another organization’s operations. Working closely and collaborating with industry peers and sharing intelligence are often the best ways to tackle the latest threats. Nearly 60% of Canadian respondents formally collaborate with industry peers to improve security and reduce the potential for future risks. Collaboration will help Canada build herd immunity to protect digital society.

Customer records are the most compromised data

Nearly half of the Canadian respondents indicated that customer records were impacted by security incidents. This is a troubling number considering the rising privacy expectations from regulators not only in Canada but globally. In particular, Canadian organizations handling European Union residents’ data could incur severe data breach penalties (up to 4% of global revenue) once the General Data Protection Regulation comes into effect in May 2018.

According to our latest Consumer Intelligence Series survey,, 85% of consumers in the United States won’t do business with a company if they have concerns about its data security practices. Whether or not consumers follow through on this promise, they clearly have high expectations when it comes to data security.

Organizations aren't prepared for insider risk

Canadian respondents said incidents attributed to external actors have declined, while those attributed to insiders, such as third parties and employees, have stayed about the same or increased.

Only 15% of Canadian respondents reported they have assessed insider risk threats and vulnerabilities. In addition, insider threat programs aren’t a top priority for them over the next 12 months. Organizations seem to have an inherent trust that insiders won’t cause them harm. Also, there seems to be an overemphasis on external actors since external breaches often dominate news headlines.

Insiders can cause significant damage to an organization. They have internal access and good knowledge of the environment. This risk grows when external players influence insiders. As Canadian organizations expand their operations globally, they’re exposed to insiders with different geopolitical and socio-economic pressures.

Digital transformation is driving security spend

Over half of Canadian respondents agree that risk alone drives security spending. About 30% disagree, and the rest of the respondents are on the fence. Most Canadian organizations (74%) say their security spending is aligned with the revenues of each line of business.

Canadian organizations are facing disruption from new market entrants, emerging technology and an ever-changing threat landscape. In order to stay competitive and innovate in the digital world, they’re revisiting their security models to balance risk and opportunity. A total of 66% of Canadian respondents said digital transformation has increased security spending.

Our cybersecurity and privacy practice

At PwC we don’t just protect business value—we create it. Using cybersecurity and privacy as tools to enable trust in a digital, data-driven world, we can help you move confidently towards new possibilities.

Learn more about cybersecurity and privacy and how we can help your organization.


{{contentList.dataService.numberHits}} {{contentList.dataService.numberHits == 1 ? 'result' : 'results'}}

Contact us

Sajith Nair

Partner, Cybersecurity & Privacy, PwC Canada

Tel: +1 416 815 5185

Richard Wilson

Partner, Cybersecurity & Privacy, PwC Canada

Tel: +1 416 941 8374

David Craig

Partner, Cybersecurity & Privacy, PwC Canada

Tel: +1 416 814 5812

Justin Abel

Partner, PwC Canada

Tel: +1 403 509 7522

Kartik Kannan

Partner, PwC Canada

Tel: +1 604 806 7082

Follow PwC Canada