MONTRÉAL, Oct. 25, 2023 /PRNewswire/ – Bell released a study on the state of cybersecurity in Canadian businesses today, highlighting new data that security leaders can use as they strategize to protect their organizations, with particular focus on securing the cloud.
Bell conducted a study of 402 Canadian organizations across public and private sectors to learn how they’re succeeding and to see which activities can drive improvements. The most important outcomes that C-level executives are looking to drive are:
- Meeting/exceeding compliance objectives
- Maintaining a high level of confidence in security posture to business stakeholders
- Achieving the best possible rates for cyber insurance
- Having highly satisfied security staff (and lower turnover rates of security personnel)
- Avoiding cybersecurity breaches in the past 12 months
To identify factors that correlate with success outcomes, Bell asked respondents questions about their organization’s on-premises and cloud security practices. The result is a list of 29 factors that cover Governance & Culture, Teams & Talent, Cloud Security Practices, and Automation & Integration efforts. Of note, while many organizations report a high level of achievement across multiple key security outcomes, only 1.6% of Canadian businesses report high achievement on all top five indicators.
While breaches are the most direct performance indicator of any security program, most CISOs (Chief Information Security Officers) Bell surveyed found performance against compliance requirements and the ability to retain talented staff as important indirect indicators.
So, what is the recipe for security success?
Notably, success is often not determined by budget. Reinforcing findings from the 2022 study by IDC which Bell participated in, organizations with the largest security budgets are not necessarily more secure. Other factors identified in this study matter more. While many of the factors Bell identified may require dollar investment as well as time, optimized resource allocation trumps total budget size.
Organizations with well-defined security governance outperform their peers. To be most successful, security governance is a process that ideally takes a collaborative approach across the business. In part because executing well on technical guardrails (e.g., configuration management, policy as code, access management, etc.) relies on agreed-upon risks, boundary lines and responsibilities from across the organization.
It might seem counterintuitive, but the only governance factor found to coincide with a significantly reduced likelihood of reporting a breach was a mentality among business leaders to embrace change and be open to taking risk. Being open to change (and calculated risk) can mean the early adoption of new technologies, improved employee morale, and other factors that reduce the risks of a breach.