April 24, 2023
Infographic: How Does Your Industry’s Cybersecurity Stack Up?
The increased frequency and sophistication of cyberthreats in recent years has underlined the importance of penetration testing – a tool that helps organizations evaluate and identify IT system vulnerabilities before hackers can exploit them.
To better understand the state of penetration testing amongst Canadian organizations and the various cybersecurity challenges they face, CDW Canada commissioned its second annual penetration test survey. A total of 500 Canadian IT professionals at companies/organizations with at least 20 employees, from multiple industries, were surveyed to examine their current state of cybersecurity, how they respond to security breaches and their top penetration testing challenges.
The increased frequency and sophistication of cyberthreats in recent years has underlined the importance of penetration testing – a tool that helps organizations evaluate and identify information technology (IT) system vulnerabilities before hackers have a chance to exploit them. Some industries are early adopters, but for others their cybersecurity frameworks remain a work in progress. The infographic below highlights general trends regarding the state of penetration testing in Canada for business/professional services, education and government organizations.
Remote and hybrid work models heighten security risks
Nearly all organizations regardless of sector reported that a shift to remote/hybrid work increased their security risks. This is an area where penetration testing can play an important role.
of business/professional services organizations reported that remote/hybrid work has heightened their security risk.
of government organizations reported that remote/hybrid work has heightened their security risk.
Business/professional services have bolstered cybersecurity
Across industries, IT professionals working in the business/professional services sector seem most likely to report challenges with overall security in the last year (70 percent) and have prioritized penetration testing as a first line of defence.
of IT professionals working in business/professional services say their organizations are making investments in penetration testing, a 57 percent increase from 2022.
of business/professional services organizations who perform penetration testing and/or comprehensive security assessments do so at least quarterly. This is significantly more frequent than at organizations in other sectors.
of business/professional services organizations perform penetration testing, a 38 percent increase from 2022.
Education sector is doing its cybersecurity homework
While the education industry has historically lagged regarding adoption of advanced cybersecurity frameworks, they are making significant progress. Research reveals two-thirds (67 percent) of education organizations conducted penetration testing, up from just half (49 percent) last year. An observation here may be that organizations in this sector are seeing greater improvements to their overall security as a result.
of IT professionals working in the education sector reported that their organization’s security has experienced overall improvements in the last year.
of education organizations reported making investments in penetration testing.
Government organizations could benefit from stronger frameworks
Other industries appear to be showing a disconnect between their cybersecurity intention and their efforts to address it. While government organizations universally say they take security and protecting against threats seriously (100 percent), our research also suggests they are among the least likely sector to perform penetration testing (66 percent) as part of their regular cybersecurity maintenance.
of government organizations report taking security and protecting against threats seriously, but just 66 percent perform penetration testing and/or comprehensive security assessments
Tailored attacks exploit biggest weaknesses
Every industry has been impacted by the rise of cybercrime, but the nature of cyberattacks differs. Cybercriminals often tailor their approaches to target specific vulnerabilities that may exist in different types of businesses. The most common security breach reported by business/professional services organizations was email compromise (42 percent).
The most common security breach reported by business/professional services organizations was email compromise.
Reputation is on the line
Among organizations that experienced a security breach in the last year, the most cited consequence reported was the loss of productivity (54 percent).
of business/professional services organizations reported a loss of reputation following a security breach.
In the ever-expanding digital world, everyone is exposed to the risk of cybercrime and it is vital to ensure your organization has a comprehensive and combative strategy in place to protect data.
About this Study
These are the findings of a survey conducted by CDW Canada from March 14-17, 2023 among a sample of n=500 IT professionals at companies and organizations in Canada with at least 20 employees. For comparison purposes only, a sample of this size would yield a margin of error of +/- 4.4 percentage points at a 95% confidence level. The survey was offered in both English and French.