Toronto, Canada - February 8, 2018


Organizations attacked more than once a day, average cost of recovery surpasses $3.7 million

TORONTO, February 8, 2018 – Canadian companies face almost constant cyber security threats, resulting in a rising number of incidents where sensitive data is stolen, according to the findings of a new study from Scalar Decisions Inc. of more than 420 Canadian IT and security workers.

Released today, the 2018 Scalar Security Study (commissioned by Scalar and conducted independently by IDC Canada) showed that Canadian organizations are attacked in varying degrees of severity more than 450 times per year, with 87% suffering at least one successful breach. Almost half (46%) are not confident in their ability to defend against attacks.

“As cyber security breaches become the new normal, organizations can’t be complacent. Many companies are still reporting gaps in their defences despite hiring full-time security staff, which may point to a deficit in the availability of highly skilled IT workers,” said Theo Van Wyk, Chief Security Architect, Scalar Decisions. “The rising number of high-impact breaches coincides with the increasing costs of recovery.”

The study, examining the cyber security readiness of Canadian organizations and year-over-year trends in handling and managing growing cyber threats, also found:

  • Of the companies that suffered a security breach, 47% had sensitive data stolen.
  • One-in-five breaches was classified as “high-impact”, where sensitive customer or employee information was exposed.
  • 36 percent of respondents are not confident in their company’s ability to respond to security breaches.
  • The average company spends $3.7 million in direct and indirect costs to recover from security breaches.
  • One-fifth of smaller organizations believe they don’t have enough resources to effectively defend against attacks.
  • Firms dedicate about 10% of their IT budgets to security spending.
  • A majority of respondents do not train employees to identify attacks, such as phishing scams, or to update software with the latest security measures.
  • Almost three-quarters of respondents don’t comprehensively analyze how third-party relationships affect their overall cyber security planning.

“Canadian companies are getting better at prioritizing cyber security, but there is still a substantial lack of training and planning,” added Van Wyk. “Organizations need to look beyond their infrastructure and weigh the insider and third-party risks they face. If this can’t be tackled in-house, then external expertise is an efficient way to shore up their defences.”

About the 2018 Scalar Security Study

All responses were captured in November and December 2017 by IDC Canada through a Canada-wide cross-industry survey of 421 IT security and risk & compliance professionals. All survey participants were screened for direct involvement in improving or managing their organization’s IT security. Respondents came from a wide variety of industries, with more than half representing companies with 250 – 4,999 employees.

The full study can be downloaded at

About IDC Canada

International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. IDC Canada is part of a network of over 1,100 analysts providing global, regional, and local expertise on technology, industry opportunities and trends with more analysts dedicated to understanding the Canadian market than any other global research firm.

About Scalar

Scalar is Canada’s leading IT solutions provider, focused on security, infrastructure, and cloud. Founded in 2004, Scalar is headquartered in Toronto, with offices in Montreal, Ottawa, Winnipeg, Calgary, Edmonton, Vancouver, and Victoria. Scalar was recently named one of Canada’s Best Managed Companies, named to CRN’s 2018 Solution Provider 500 List, and listed on the Growth 500 for the ninth year running. In addition, Scalar was deemed a major player in the IDC MarketScape for Canadian managed security service providers and ranked the #1 ICT security company on the 2014 -2018 editions of the Branham 300. For further details, visit or follow Scalar on Twitter, @scalardecisions.

Back to all press