[STAT CAN] Wall of Fail


By Adeline Veyrinas, Loreena Berthoux and Manon Pamar, University of Montréal

This research is based on Statistics Canada data from the 2017 Canadian Cyber ​​Security and Cybercrime Survey of more than 10,000 Canadian companies.

Our goal was to highlight the least performing cybersecurity businesses in the following areas: vulnerabilities, reporting cybercrime incidents, cybersecurity measures, risk management, and concerns. The objective is to make businesses aware of the impacts that cybercrime could have on their company, as well as their cybersecurity gaps.

To do this, we conducted two different rankings regarding the achievement of different types of cybersecurity business lines.

  • The first aims to highlight the sectors with performance rates in general in all the areas mentioned above. We find, for example, accommodation and food services or agriculture, forestry, fishing and hunting. Thus, the sectors of this ranking are also those who consider that they have the least need for cybersecurity. However, these are typically small businesses where a cybersecurity incident could have a much greater impact than others, which could lead to bankruptcy due to significant repair costs or damage to their reputation.
  • The second ranking we performed is based on the relationship between the performance of these industries in the selected areas and their level of victimization in cybercrime. Examples include transportation and warehousing, as well as administration, support, waste management and remediation services. Thus, the lowest performers in this category are the least effective in cybersecurity, that is to say for which their overall cybersecurity performance rate does not allow them to adequately prevent incidents of cybercrime that they may suffer and their consequences.

In sum, this research has highlighted keys element enabling companies to be efficient in terms of cybersecurity and thus effectively protect themselves from the dangers of cybercrime is involvement, that is, to say the commitment in the prevention of risks in cybercrime. Indeed, we have noted the existence of a relationship between corporate cybercrime prevention accountability and their actions in securing their company.