According to PwC’s Global State of Information Security (GSISS) Survey 2016 (www.pwc.com/ca/gsiss), Canadian companies are taking steps towards establishing holistic, integrated safeguards against cyberattacks. While investment in safeguards against cybersecurity threats have increased by 82% year over year, it still accounts for an average of only 5% of overall IT (Information Technology) spending.

Because of the impact cybersecurity attacks can have on the overall health of a company and a brand, boards are playing an increasingly significant role in informing the development of cybersecurity strategies. In fact, this year’s report found that 50% of Canadian companies surveyed indicated that their board participates in defining their organization’s security budgets, compared to only 25% in 2014.

As part of an expanding digital service offering PwC Canada is launching, Game of Threats, a digital game that simulates the speed and complexity of real-world cyber breaches to help executives better understand how to resource and protect companies. Using gaming theory, the interactive game replicates real-world challenges faced by companies on a daily basis.  Users will learn about different threats, identify reputational, operational, financial and regulatory impacts as well as understand what can be done to prevent an attack.

“Overall, the Canadian data provides solid evidence that Canadian companies are taking steps towards mitigating cyberattacks but the threat is still very real,” says Richard Wilson, partner, Cybersecurity & Privacy Practice, PwC Canada. “Canadian business and public sector leaders need to better understand the full range of impacts a cybersecurity breach can have on their organizations. This issue has evolved far beyond data loss. Beyond financial and reputational damages, we are seeing impacts to competitiveness, product and service quality, employee retention, and the health and safety of both employees and the public.”

“There are 3 areas where public and private sector organizations are heavily investing in cybersecurity right now,” adds David Craig, partner, Cybersecurity & Privacy Practice, PwC Canada. “Solutions to manage how employees, customers and third parties access and use data, outsourced Managed Security Services to monitor and detect security events more efficiently, and data privacy compliance in anticipation of mandatory breach notifications.”

According to the GSISS report, harnessing the power of cloud-based cybersecurity as a viable tool in Canada has led companies to greater productivity such as streamlined monitoring, advanced authentication, and threat intelligence.  Overall, Canadian companies surveyed matched their global counterparts on the adoption of cloud-based cybersecurity services.