Canadian CISOs are the biggest proponents of fighting ransomware attacks through prevention rather than just detecting and responding to them, according to an international survey.
Eighty-seven per cent of the 100 Canadian respondents said prevention rather than detection is the focus of their organization’s defence against ransomware. That’s well above the average of 59 per cent for CISOs in 14 countries questioned earlier this year for Proofpoint’s annual Voice of the CISO survey (Registration required).
Second to Canada among those leaning towards prevention were respondents from Australia (75 per cent), followed by the U.K. (70 per cent) and France (65 per cent). Fifty-eight per cent of American respondents said their organization’s strategy focused on prevention rather than detection.
Most experts feel prevention against any type of cyber attack is better than relying on detection.
On the other hand, the report notes, four in 10 CISOs said their organization doesn’t a plan for whether it would pay a ransom if there was a successful attack.
The 2022 Voice of the CISO survey was conducted between Feb 22 and March 8 involving 1,400 chief information security officers from organizations of 200 employees or more across different industries in 14 countries: the U.S., Canada, the U.K., France, Germany, Italy, Spain, Sweden, the Netherlands, the United Arab Emirates, Saudi Arabia, Australia, Japan and Singapore. One hundred respondents replied from each country.
Canadian CISOs whose firms have cyber insurance are also more optimistic than their peers that it “will be there when needed.” Eighty-eight per cent trust in their coverage, compared to a global average of 58 per cent. Only 49 per cent of American CISOs believe their organization’s cyber insurance will pay out when needed.
Canadian cyber security respondents were also more optimistic than their peers that their employees understand the role they play in protecting their organizations against cyber threats. Overall, 60 per cent of respondents agreed with that statement. By comparison 87 per cent of Canadian respondents agreed their employees understand they play an important role in cybersecurity. That, by the way, was up from 48 per cent in the 2021 survey.
Interestingly, 78 per cent of Canadian CISO respondents believe human error is their organization’s biggest cyber vulnerability. Only 49 per cent of U.S. respondents agreed with that statement. Globally the number was 56 per cent.
On the other hand, Canadian CISOs respondents were much less confident about their cyber security posture than their counterparts. Seventy-two per cent said they felt at risk of suffering a material cyber attack in the next 12 months, compared with 50 per cent last year. The global average was 48 per cent.