Canadian IT Security Stats

The 2008 Rotman-TELUS Joint Study on Canadian IT Security Practices is a must-read for anyone involved with identity, security or privacy in Canada.

There were 300 participants, including responses from private companies, publicly traded corporations and government/not-for-profit organizations.  The survey results are primarily broken down into these categories, so I’ll summarize some noteworthy numbers for Government organizations:

  • 16 — percentage of organizations that have experienced a breach due to misuse of a public web application.
  • 26 — percentage of respondents that are planning to invest in Identity Management in the next 12 months (tied for second highest priority, behind storage encryption).
  • 39 — percentage of organizations that perform risk assessment annually.
  • 55 — percentage that indicated they have experienced a breach due to virus, worms, malware, etc.
  • 65 — percentage of organizations that allow outsourcing of IT security.
  • 66 — percentage of security groups that report to an IT executive (as opposed to CEO, Risk Management or other line-of-business executive).
  • 68 — percentage that indicated litigation as a ‘breach concern’.
  • 321,429 — amount, in dollars, the average breach is estimated to cost a government organization.
  • Zero — percentage of respondents that reported they have lost proprietary information due to a breach.

(For some interesting statistics from the Calgary Critical Infrastructure conference, click here.)


Author: code

Mike Waddingham is senior Information Technology management consultant with over 30 years of industry experience. He is the owner of Code Technology Corp.

2 thoughts on “Canadian IT Security Stats”

  1. Hi Mike,

    thanks for mentioning the study. If you have any questions, please feel free to reach out.


    Alan LeFort

Comments are closed.