The results of the 2009 Rotman-TELUS Joint Study on Canadian IT Security Practices are now available. Interesting points from the one pager summary:
Breaches
• Breaches and annual costs are up; per breach costs are down
• Canada catching up to USA in terms of breaches
• Most breaches are up: led by unauthorized Access by Employees
- Insider breaches almost double in 2009, now comparable to USA rates
• Disclosure or loss of customer data remains top issue
• Organizations cite damage to brand as biggest breach concern
IT Security Budgets
• Growing threat has rendered most security budgets inadequate
• The average security budget was 7% of the IT budget
• Top performing respondents spent at least 10% of their IT budget on IT security
IT Security Profession
• Organizations rewarding formal education more than certifications
• 46% of respondents earned more than $100,000
IT Governance and Outsourcing
• High-performing security programs have strong governance and focus on education
• Business metrics substantially increased the perceived value of security
• On-shore security outsourcing increases
- Privacy favouring Canadian service providers
- Publicly traded companies outsource to the best-value provider regardless of location
Technology and Security Countermeasures
• Application security practices not keeping up with evolving threats
- More than half of respondents consider security in their development lifecycle
- Focus in Canada is predominantly towards after-the-fact security, rather than “build it secure.”
• Cloud security concerns similar to classic outsourcing
• Technology investments focus on fighting malware
- Organizations favour protecting applications versus fixing them
No comments:
Post a Comment