Canada lagging global averages in Cisco security maturity study

Rob Barton, CTO of Cisco Canada

Cisco has just released the results of its first global Cybersecurity Readiness Index study, and Canada has been found, for the most part, wanting.

The study of some 6,700 businesses worldwide classified businesses, from SMBs to large enterprises, as mature, progressive, formative, or beginner in various security areas. Its Canadian respondents, for the most part, lagged behind global averages.

For example, only nine percent of Canadian respondents fell into the mature level, compared to a global average of 15 percent. The same number fell into the beginner category, while 48 percent rated formative and 34 percent progressive. Globally, the lower three tiers clocked in at 30 percent, 47 percent, and 8 percent, descending.

Canadian respondents were also less likely to be hiking their security spending by more than 10 percent over the next year (78 percent locally vs. 86 percent globally) and less likely to believe they would be disrupted by cybersecurity incidents over the next two years (a similar 77 percent to 82 percent breakdown).

The study also broke down its findings across several different areas of security. The study finds Canadian businesses more likely to be mature regarding device security (33 percent vs. a 31 percent global average). Still, Canada takes the L in terms of maturity in each of the more advanced realms of security considered. 

  • 15 percent scored mature in identity, compared to 20 percent globally;
  • 16 percent maturity in network security compared to 19 percent globally;
  • Eight percent came in mature in application workloads, compared to 12 percent worldwide; and
  • 17 percent of Canadian respondents were mature in data security, compared to 22 percent globally.

Cisco Canada CTO Rob Barton said the first-of-its-kind survey would be used to set the expectations for future research. Still, more immediately, customers and partners would be wise to take the results as a wake-up call.

“The threat landscape is changing, and we can see that by the high-profile attacks in Canada. We need to pull up our socks,” Barton said. “This should spur some action in terms of soul-searching and self-examination.”

As the survey looks across various business sizes, Canada’s relatively low maturity may be at least partially a function of the fact that Canada is over-indexed in small businesses compared to other major markets worldwide. But even that points to the need for better security options for smaller customers, which in turn points to opportunities for managed service providers serving the SMB space.

“There’s definitely an opportunity for businesses to really support those customers,” Barton said.

So what are the first areas Barton would look for customers to “level up” their security? He identified better identity management and embracing a zero-trust approach as a significant opportunity.

“We’d love to see more of our customers go that way. It’s one of your best lines of defence,” he said.

Barton also advocates for investment in visibility, ensuring the plethora of data collected from various points around the business is aggregated, correlated, and made easy to act upon.

“You can’t secure what you can’t see, and the more insights you get, the better you’re going to be,” Barton said. “If they’re going after vulnerabilities you don’t know about, there’s nothing you can do.”

Barton said he hoped the survey results would create a conversation about the need to invest in security and that businesses would “think about the financial impact of not acting.”

Among Canadian respondents, 51 percent said they had experienced a cybersecurity incident in the last 12 months, and 34 percent of those who reported an incident put the price tag on recovering at $500,000 (U.S.) or more.

Robert Dutt

Robert Dutt is the founder and head blogger at He has been covering the Canadian solution provider channel community for a variety of publications and Web sites since 1997.