CATA Cyber Security Benchmark Survey

 

CATA Alliance has released a Cyber Security Benchmark Survey. CATA is a strong supporter of improving Cyber Security across Canada, and with the results  from this survey will work towards helping organizations achieve a better grasp on Cyber Security

The Canadian Advanced Technology Alliance (CATAAlliance) is Canada’s One Voice for Innovation Lobby Group, crowd sourcing ideas and guidance from thousands of opt in members in moderated social networks in Canada and key global markets. CATA is the foundation for commercialization, market research, networking, events, access to other associations, and professional development, across the nation. Learn more about CATA

Please take a moment to fill out survey.

If you have trouble viewing or submitting this form, you can fill it out in Google Forms.

Never submit passwords through Google Forms.

* Required

  1. How concerned is your organization regarding cyber threats and data breaches? *
1 2 3 4 5
No concerns ( ) ( ) ( ) ( ) ( ) Extremely concerned
  1. What are the most significant cyber threats your organization faces today *
  2. What are the biggest obstacles to your organization becoming more cyber secure? *
  3. How significant would impacts from a cyber-incident be on your organization? *
1 2 3 4 5
No impact ( ) ( ) ( ) ( ) ( ) Catastrophic impact
  1. Is your organization confident that it has the appropriate level of technology, people and processes to provide the required level of security for its operations and the data it holds? *
1 2 3 4 5
insufficient ( ) ( ) ( ) ( ) ( ) sufficient
  1. In the event of a cyber-incident, is your organization sufficiently prepared to respond with the necessary people, process, and tools? *
1 2 3 4 5
not prepared at all ( ) ( ) ( ) ( ) ( ) fully prepared
  1. Has your organization taken into account its potential legal exposure in the case of litigation resulting from a cyber-incident? *
1 2 3 4 5
no consideration given to legal risks ( ) ( ) ( ) ( ) ( ) identified and addressed
  1. Has your organization retained external legal counsel to assist with designing and implementing a cyber-incident response plan? *
  2. To what extent is security embedded into your corporate culture? *
1 2 3 4 5
no security culture at present ( ) ( ) ( ) ( ) ( ) strong security culture at all levels
  1. How would you rate Canada and government leaders’ level of commitment and leadership as it relates to the growing threat of cyber attacks? *
1 2 3 4 5
no leadership or commitment demonstrated ( ) ( ) ( ) ( ) ( ) strong leadership on all cyber security issues
  1. Do you feel that there are sufficient Canadian government resources for organizations wanting to prepare/counter cyber threats? *
1 2 3 4 5
insufficient resources to manage cyber threats ( ) ( ) ( ) ( ) ( ) superior resounces available within Canada to help organizations prepare and defend against cyber attacks
  1. Have security threats affecting your industry decreased, stayed the same, or increased from last year? *
1 2 3
decreased ( ) ( ) ( ) increased
  1. Has your cyber risk profile worsened, stayed the same, or improved from last year? *
1 2 3
worsened ( ) ( ) ( ) improved
  1. Is this year’s cybersecurity budget lower, the same, or higher than last year? *
1 2 3
lower ( ) ( ) ( ) higher
  1. Do you expect next year’s cybersecurity budget to be lower, the same, or higher than this year? *
1 2 3
lower ( ) ( ) ( ) higher
  1. Are the number of full time equivalent (FTE) staff focused on cybersecurity lower, the same, or higher than last year? *
1 2 3
lower ( ) ( ) ( ) higher
  1. Do you expect the number of FTE focused on cybersecurity next year to be lower, the same, or higher than this year? *
1 2 3
lower ( ) ( ) ( ) higher
  1. How would you rate the current labour market for trained cybersecurity professionals? *
    • ( ) Growing lack of skilled labour and a challenge for our organization
    • ( ) Adequate access to skilled professionals
    • ( ) No problem recruiting and retaining trained professionals
  1. Has your organization established a team which can implement a response plan in the case of a cyber-incident? *
  • ( ) Yes
  • ( ) No
  • ( ) Other:
  1. What position at your organization is the primary point of contact for cyber incidents? *
  2. What is your cybersecurity spend as a percentage of total IT spend? *
  3. Does your organization vet and/or audit your vendors to ensure they are cyber safe and not putting your organization at risk? If yes, please explain (e.g., frequency, use of third party auditors, etc.) *
  4. Does your organization have cyber liability insurance in place? *
  • ( ) Yes
  • ( ) No
  1. Do your cybersecurity processes include the training of your staff? If yes, briefly describe the process, frequency and any monitoring of compliance and whether the training is mandatory. *
  2. Should the private sector play a more active role in helping companies share cyber threat information? Please explain *
  3. Do you feel that Canada’s current laws and regulations restrict the sharing of cyber threat information? *
  • ( ) Yes
  • ( ) No
  1. Do you support public-private sector collobaration around cybersecurity (ie. information sharing, research, etc.? *
  • ( ) Yes
  • ( ) No
  1. Do you purchase Cyber threat information or Cyber Threat Data Feeds? (e.g. X-Force, REPSM, Fire-Eye) *
  • ( ) Yes
  • ( ) No
  1. Do you leverage opensource cyber threat data feeds? (e.g. Shadow server, CCIRC) *
  • ( ) Yes
  • ( ) No
  1. What barriers do you believe prevent the timely and efficient sharing of cyber threat information in Canada? *

Check all that apply

  • ( ) Legislation
  • ( ) Trust
  • ( ) Intermediary
  • ( ) Data format standards
  • ( ) Other:

Please provide your industry and job classification (ie. CISO, CEO, Director IT, etc.)