Are Standardized Practices and IT Certifications an Indication of Cybersecurity Readiness?

ByClaudiu Popa

Another summer, another Datarisk Canada research project. This term, my Ontario Tech University students conducted a Capstone study to determine the cybersecurity readiness of Canadian companies in various sectors and to no one’s surprise, the results aren’t great:

  • 52% of companies say they do not adhere to ANY industry standards, preferring instead to follow their own ‘best practices’ for data protection and compliance
  • 42% of respondents reported having NO certified professionals among the ranks of their IT teams, including security and privacy

While many will be relieved to not fall into these categories, the rest should be reminded about the extensive selection of information technology certifications and broad spectrum of security frameworks and risk management methodologies available today.

Whether your organization is in a regulated sector or part of supply chain (and who isn’t), standardized practices and independent risk assessments are no longer optional (and haven’t been for decades).

(Interactive diagram courtesy of: https://lnkd.in/gxVpW5ej)

Claudiu Popa is a public speaker, cybersecurity expert and passionate defender of privacy rights who engages audiences through storytelling and weaponizes academic courses, radio, television, podcasts, social media and the written word to fight for the vulnerable in society and catalyze positive social change in Canada.