Canadian infosec teams still don’t get much respect from management, if a new survey from consulting firm EY is representative.
The report, released Thursday, shows that only 24 per cent of Canadian executives surveyed said their organizations bring cyber and privacy in at the planning stage of projects. Forty per cent of executives said their organizations view the relationship between security, product development, and R&D teams as neutral, characterized by low levels of consultation.
Only 34 per cent of executives described cyber as flexible and collaborative. In fact, 73 per cent of Canadian executives said the cyber function in their firm doesn’t enable innovation.
For their part, almost a quarter of CISOs surveyed said their teams aren’t consulted, or are consulted too late, on strategic decisions.
The results were part of a global survey of 1,010 organizations, including 71 Canadian respondents, carried out between March and May. CISOs and other C-suite professionals made up half of the respondents; the others were C-1 cybersecurity professionals. The global report was released in July. The Canadian numbers were released today.
“It’s no longer acceptable to invite cybersecurity and privacy late to the party — doing so can lead to costly ramifications,” Yogen Appalraju, EY Canada’s cybersecurity leader, said in a statement accompanying the release of the report.
“Achieving organizational synergies will require a true culture shift to enable more collaboration, integration among operations and a renewed emphasis on delivering long-term value for stakeholders right from the start. There’s a big opportunity to invest in internal education, to demonstrate the value cybersecurity brings to the table, while making cyber professionals feel like respected members of the team.”
“Progressive organizations are exploring how cybersecurity can creatively protect new products, digital offerings and broader business improvement initiatives,” he said. “By prioritizing innovation alongside security and privacy, businesses can help build solutions that are more secure at a time when stakeholders are increasingly concerned about their privacy in a hybrid business world.”
First, EY urges organizations to assess connection points between CISOs and the broader leadership team to ensure cybersecurity and privacy are represented at all the right executive leadership tables. This should include addressing heightened concerns and cyber visibility at the board level as well.
Second, cyber team members should be integrated directly within IT, application development, business development, product design, and other areas of the business so they can weave safety and privacy thinking into the dialogue earlier on.
And third, the consulting firm urges management to draw up a new R&D framework with a focus on privacy and security. Refreshing processes and guidelines for research and development should allow cybersecurity and privacy experts to step in at the earliest stages of work.
The full report can be downloaded here. Registration is required.