Cyberattacks increased by 29 percent in 2010, according to a survey of more than 500 Canadian organizations.
But the cost associated with these security breaches decreased by more than $654,000 – or almost 80 percent – during the same period.
The study, conducted by national communications company TELUS and the University of Toronto's Rotman School of Management, is the third annual survey of Canadian IT security trends. Insights were drawn from 523 public- and private-sector organizations that responded to 43 questions.
Most of the security breaches affected government entities, which experienced an average of 22.4 incursions – a 74 percent increase over 2009. Overall, the public sector experienced more than twice the number of breaches as private enterprises.
The report concluded: “Government agencies and corporation entities differ materially in what they consider a breach as they are driven by different regimes, security policies, and obligations to their principal stakeholders.”
The study also concluded that breaches are becoming more targeted. The number of respondents reporting incidents has declined, reflecting research conducted by TELUS Security Labs, which showed that cyberattacks now routinely use sophisticated methods designed specifically for monetary gain.
But, if hackers are becoming more sophisticated, the means of thwarting them are becoming more effective and the ability for organizations to contain them has increased. As a result, private companies reported losing the equivalent of $119,685 in 2010, compared to $807,310 the previous year.
Publicly traded companies, meanwhile, lost $337,930, down from $675,132, and government losses amounted to $80,910, a significant decline from 2009's $1 million.
The average Canadian organization also is spending less to protect against breaches. In 2010, respondents reported that security budgets represented slightly more than 6.5 percent of the total IT budget, compared to just under seven percent in 2009.
One-third of breaches originated from inside organizations – a number that has remained constant for government and publicly traded companies. Private companies reported that external breaches increased to 81 percent.
Regardless of the source, an increasing number of events are phishing attacks, aimed at appropriating the look and feel of brands to gain access to unwitting users' personal or financial data.