The 2008 Rotman-TELUS Joint Study on Canadian IT Security Practices is a must-read for anyone involved with identity, security or privacy in Canada.
There were 300 participants, including responses from private companies, publicly traded corporations and government/not-for-profit organizations. The survey results are primarily broken down into these categories, so I’ll summarize some noteworthy numbers for Government organizations:
- 16 — percentage of organizations that have experienced a breach due to misuse of a public web application.
- 26 — percentage of respondents that are planning to invest in Identity Management in the next 12 months (tied for second highest priority, behind storage encryption).
- 39 — percentage of organizations that perform risk assessment annually.
- 55 — percentage that indicated they have experienced a breach due to virus, worms, malware, etc.
- 65 — percentage of organizations that allow outsourcing of IT security.
- 66 — percentage of security groups that report to an IT executive (as opposed to CEO, Risk Management or other line-of-business executive).
- 68 — percentage that indicated litigation as a ‘breach concern’.
- 321,429 — amount, in dollars, the average breach is estimated to cost a government organization.
- Zero — percentage of respondents that reported they have lost proprietary information due to a breach.
(For some interesting statistics from the Calgary Critical Infrastructure conference, click here.)
MIke
Hi Mike,
thanks for mentioning the study. If you have any questions, please feel free to reach out.
Cheers,
Alan LeFort
(co-author)