A sizable number of Canadian CIOs appear to be standing pat with their cyber security efforts, according to a survey by a staffing company.
Half of the almost 270 CIOs said they weren’t doing or planning to do any of five security-related activities this year, including hiring IT security staff, more employee awareness training and implementing multifactor authentication. The other half of the group said they are doing at least some of these.
That “really stood out,” Nima Mirpourian, vice president of managed technology solutions practice at Robert Half Technology, which hired a firm to conduct the survey.
By comparison, he added, when the same question was asked in 2015 of Canadian CIOs, 31 per cent of respondents said they were not doing any of the activities while 69 per cent said they were.
That nearly 20 per cent drop in saying ‘Yes’ to at least some of the activities suggests “fewer Canadian CIOs are taking measures for increased security,” he said. “Their focus has shifted… that’s a significant drop.”
However, respondents who said ‘no’ weren’t asked why they weren’t increasing activities in the five areas (the others were enhancing the vetting of firms that have access to your data, and contracting with third-party vendors or adding tools to help enhance security). CIOs who said ‘No’ to all five suggested activities might have done those in the last two years and saw no need to increase them this year.
Asked for his opinion on why half of the CIOs said ‘No,’ Mirpourian said “they may see data breaches as something that seems too far from the business to worry about. They may see it something that happens to other countries or international firms, not Canadian organizations. It might be a matter of costs that they put less of a focus on taking measures to increase security.” But, he says, protecting their data should be a priority.
Among those who said they were increasing activity,
- 40 per cent said they are adding IT security staff, up from 22 per cent in 2015;
- 40 per cent said they are implementing some sort of multifactor authentication, up from 21 per cent in 2015;
- 44 per cent said they were increasing awareness training, a drop from 53 per cent in 2015.
The number of CIOs who said they are enhancing the vetting of firms that have access to your data, and contracting with third-party vendors or adding tools to help enhance security was the same in both surveys.