Canadian data breaches: The only thing that will lead to change

It may be difficult to prove this statistically, but it is highly unlikely anyone will be able to guilt Canadian companies into spending more money to fend off potential computer security attacks.

This week EMC Corp. released the results of a worldwide survey conducted by research firm Vanson Bourne that showed only 58 per cent of technology professionals here think their bosses are confident in the security and performance of their computer systems. In other words, you could reasonably infer that many executives would not be able offer their customers much assurance that their company won’t be brought down by hackers, lose personal information or worse.

Even if you interpreted it another way – that the 58 per cent shows at least more than half have faith in their computer security – it’s possible that faith is misplaced. After all, 53 per cent of executives surveyed also said they had suffered at least one technology incident in the last 12 months. The word “incident,” this case, could mean a lot of things, but even if it only refers to computer systems crashing for a few minutes, there are obviously a lot of companies still grappling with technology glitches. Overall, Canada ranked 9th out of 16 countries in terms of deploying advanced security products.

“This needs to be elevated to the boardroom,” EMC Canada managing director Michael Sharun told reporters at a briefing about the survey results. Part of the problem, he suggested, is that certain industries are less tied to their computer systems than others. In oil and gas, for example, “even amid downtime, the oil is still there.”

There’s even more to it than that, though. Although the EMC research is more useful than similar studies because it actually has a decent amount of Canadian-specific data, individual companies aren’t likely to be motivated to improve our international standing in data protection out of some vague sense of patriotism. They’re only really interested in the fate of their own organizations, and even then, it’s only when a technology disaster becomes public knowledge. When Adobe admitted last month it suffered a breach that compromised 150 million users, you can be sure there will be a commitment to better computer security.

No matter how high-profile the incident, however, companies never seem to learn from the mistakes of others. Few would want to go through the hell that Sony experienced with the data breach involving its PlayStation online network two years ago, for instance. Yet the EMC study’s figures on security lapses are consistent with similar surveys from Symantec, McAfee and Telus, among others.

Instead of focusing on the trust or confidence of the people who run Canadian companies, as EMC did, perhaps Canadian companies should ask themselves how well their customers would rate them in computer security. And then maybe they should actually have the courage to ask some of those customers directly with their own research. If scary statistics and even scarier news stories aren't driving them to improve, direct feedback from the people they claim to care about is probably the only thing that will.