The financial stress squeezing Canadian organizations by the COVID-19 pandemic may be showing in IT hiring according to a survey from the Canadian Internet Registry Authority.
Only one-third of respondents anticipate their organization will increase the number of people devoted to cybersecurity this year. That’s down from 45 per cent who thought their organization would be hiring in 2019. About 10 per cent of respondents thought they will have fewer resources to work with this year.
Meanwhile, about 30 per cent of respondents said their organization has seen a spike in the volume of cyberattacks during the pandemic.
These are among the results of a survey of 500 workers with responsibility for IT security and who manage a minimum of 50 users of desktops or mobile devices for at least 20 per cent of their work.
“It seems like there will be no cavalry to call in and save the day,” the CIRA report concluded from the numbers. “Fewer organizations than last year are expecting to invest more resources into cybersecurity, both in terms of human and financial resources. Perhaps that’s why we see concern growing around the potential negative impacts on cybersecurity on organizations.”
“Our research shows that COVID-19 has fundamentally transformed cybersecurity,” commented Jacques Latour, CIRA’s chief security officer. “The threat landscape has changed, but, most importantly, the pandemic has created an environment of anxiety and uncertainty that cyber-thieves are exploiting. Now more than ever, cybersecurity is an issue no organization can ignore.”
Among other findings:
- Just over half of the respondents said their organization implemented new cybersecurity protections in response to COVID-19.
- One-quarter of organizations experienced a breach of customer and/or employee data in the last year. Another 38 per cent don’t know if they did or not.
- Seven in 10 surveyed are concerned with data flow through countries other than Canada.
- One-third of respondents said they used personal devices for work purposes.
The report’s authors also said the data raises a question about whether Canadian organizations are ignoring requirements to report data breaches to regulators.
Sixty-six per cent of respondents said their organization stores personal information of customers, employees, suppliers or partners. Of those 24 per cent suffered a data breach. When asked “Which of the following, if any, did you inform about the data breach?”, half of the respondents said management, 44 per cent said customers and 36 per cent said a regulatory body.
The report’s authors said this last number suggests a problem. In the 2019 survey 58 per cent of respondents said they reported a breach to regulators. This year’s survey was 12 per cent lower. As a result, the authors suggest there is “non-compliance” with the obligation to report a breach under federal privacy law.
However, the question is open to interpretation. It asked the IT respondents who they reported the breach to. It didn’t ask if someone else in the organization reported the breach to a regulator.
This possibility was put to Spencer Callaghan, CIRA’s manager of product communications. “The question is phrased the same way as last year so we felt the drop was noteworthy given that the (breach) disclosure requirements are now fairly well known.”