The 2008 Rotman-TELUS Joint Study on Canadian IT Security Practices is a must-read for anyone involved with identity, security or privacy in Canada.
There were 300 participants, including responses from private companies, publicly traded corporations and government/not-for-profit organizations. The survey results are primarily broken down into these categories, so I’ll summarize some noteworthy numbers for Government organizations:
- 16 — percentage of organizations that have experienced a breach due to misuse of a public web application.
- 26 — percentage of respondents that are planning to invest in Identity Management in the next 12 months (tied for second highest priority, behind storage encryption).
- 39 — percentage of organizations that perform risk assessment annually.
- 55 — percentage that indicated they have experienced a breach due to virus, worms, malware, etc.
- 65 — percentage of organizations that allow outsourcing of IT security.
- 66 — percentage of security groups that report to an IT executive (as opposed to CEO, Risk Management or other line-of-business executive).
- 68 — percentage that indicated litigation as a ‘breach concern’.
- 321,429 — amount, in dollars, the average breach is estimated to cost a government organization.
- Zero — percentage of respondents that reported they have lost proprietary information due to a breach.
(For some interesting statistics from the Calgary Critical Infrastructure conference, click here.)