Canadian businesses are not equipped to respond to security threats within their networks, according to a recent survey conducted by Cisco.

The study, which includes the views of Canadian business representatives and consumers about security at work, also found that there are discrepancies between the preparedness of large and small businesses.

Respondents were asked questions about security policies, practices and recent cyber-attacks at their business, including their security preparedness for new IT consumption models such as mobile and cloud-based applications.

Study findings indicate that many Canadian businesses operate without any security strategy for their network, leaving them highly susceptible to threats such as data loss or theft. “What is troubling for Canadian businesses is that these results only represent known breaches and attacks, so it brings up the possibility that small, mid-size and even public sector organizations are actually experiencing more breaches and attacks than enterprises, but they are less aware,” said Warren Shiau, director, buyer behaviour research practice, IDC Canada.

Key findings:

• 60 per cent of businesses do not have a security strategy in place and/or are unsure whether their security strategy accounts for an evolving data centre and IT consumption model, or do not have a strategy to prepare for these changes.

• Eight per cent of Canadian businesses are unsure of whether they have experienced a security threat, attack or breach on their network in the last 12 months.

• 15 per cent of companies do not have a security strategy in place.

• 22 per cent of businesses report that they have experienced a threat, attack or breach in the last 12 months.

• Canadian businesses with less than 100 employees are the most likely to not have a security strategy (26 per cent), while midsized businesses are the least likely to have a strategy in place for changing IT consumption models (25 per cent).

• 31 per cent of Canada’s largest companies are unsure if their IT security strategy accounts for evolving data centre and IT consumption models.

• Less than 60 per cent of Canadian businesses have IT solutions in place to protect company data on employeeowned devices.

• 24 per cent of employed Canadians use a personal device for work despite being employed by a company that does not allow this practice. Another 11 per cent do so without knowing if it is

allowed by their employer.

• Businesses most prepared to protect company data on employee-owned devices are those with more than 1,000 employees (64 per cent). Those least prepared are companies with less than 100 employees (44 per cent).

• 48 per cent of employed Canadians believe that they are allowed to bring and use personal devices on the corporate network, while 57 per cent of representatives of businesses say they have IT solutions in place to protect data on employee devices.

About the survey: Data was compiled through two online surveys conducted by IDC Canada over the months of August and September 2014, with a representative sample of 2,000 Canadians, aged 18 years and older, and a sample of 498 Canadian organizations across sectors and business sizes.