Photograph: Laurence Dutton, Getty Images
In the Face of the proliferation of data thefts that have affected both large and smaller organisations, the guard dogs for the protection of privacy have been asking for several years of tightening major legislative measures in Canada.
In spite of the leakage of personal information, which charged regularly in the chronicle and disrupted the lives of citizens, Canada appears to be lagging behind the rest of the world in relation to the involvement of the boards of directors of companies in the analysis of cyber-security and in the establishment of strategies to adopt, suggests a survey from Ernst & Young (EY).
Conducted from August to October 2019, the survey shows that 21 % of canadian respondents believe that the board of their company understands “how to properly assess the risks” related to cyber security, compared to 48 % globally. Furthermore, 34 % of canadian respondents say their company does ” not set [his] risk to cyber security “, compared to 16 % for all countries surveyed ; and 42 % of respondents in the world said that the council has participated in the approval of the strategy and of the security budget, compared to 15% in Canada.
It should be noted that the survey has collected the opinion of 1300 people in the world (leaders, responsible technology, etc), with a canadian sample limited to 47 people. That said, how do you explain such a gap between the Canada and what is observed in other countries ? “It is a question that even we have difficulty to understand,” admitted in the interview, the leader of cyber security at Ernst & Young in Quebec, Nicola Vizioli. “I think that the canadian company is living the same risks as the rest. It seems, however, that the investments are more accelerated in other countries, such as the United States and Europe. It follows with six months or a year of delay in investment. “
It is the proportion of canadian respondents believe that the board of their company understands “how to properly assess the risks”, compared to 48% globally, according to the survey of Ernst & Young.
In order to increase the sample of responses collected, EY intends to modify the moment of the survey, a duration of an hour and a half, is sent to canadian respondents potential to avoid that accords directly with the holiday period. Also, said Mr. Vizioli, it may happen that firms are reluctant to respond, to the extent that cybersecurity is a sensitive topic.
In the Face of the proliferation of data thefts that have affected both large and smaller organisations, the guard dogs for the protection of privacy have been asking for several years of tightening major legislative measures in Canada, including the enforcement of penalties clear to the companies negligent. Europe is often erected as a model to follow, its authorities did not hesitate to impose significant fines to companies that have suffered leaks of information from their customers.
If he wanted to stimulate investment in data protection, the government could give teeth to its laws, which empowers the leaders, said Mr. Vizioli. “Before the COVID-19, we talked about it, but the discussion has been put to one side. However, even with the COVID-19, it would be necessary to accelerate the tightening of the laws. If you want to do well, it will be necessary to align with european standards and other countries. “
“When you develop a portal, or an application for a client, there are several reasons to incorporate security at the start “, said Micho Schumann, a consultant in cyber security. “If it is returned to the end, and that we haven’t thought about it, there are probably additional costs, because it is necessary to change things, go back, etc” For a few years, large companies are more likely to have a head of information security, according to Mr. Schumann. The practice even extends to the municipal world, for example. The City of Montreal has created this position in 2017.