New TELUS, Rotman IT security study shows cyber-loss is costing Canadian companies $637,000 annually on average

Study by TELUS and Rotman first to provide clarity on the state of IT security in Canada

Toronto, ON – A new study from TELUS in partnership with Rotman School of Management released today shows that IT security breaches are costing publicly traded Canadian companies an average loss of more than $637,000 annually. In government, the cost is $320,000 per organization, while the cost to private companies is $294,000 a year to cyber crime.

Similar studies in the U.S. show the cost of data security breaches more than doubling year over year, rising to an average of US$345,000 in 2007 from US$167,713 in 2006 for public companies. There is no similar benchmark data for Canada, but Rotman business economics professor Dr. Walid Hejazi says the trend towards increased loss is likely similar here.

“IT security is a C-suite level business issue,” said Dr. Hejazi. ”In an increasingly information-based society, managing data security is fundamental to business strategy. Security breaches come with indirect and direct costs. The damage to brand and customer confidence can last a very long time, and as our study shows, while direct costs are significant and measurable. Simply put, our study clearly shows that lacking the ability to collect and store information safely will severely limit the success and growth potential of any business.”

There are many IT security studies available that are either global or U.S.-centric, or specific to certain industries. To better understand the nature of IT security in Canada, TELUS and the Rotman School of Management partnered in the Rotman-TELUS Joint Study on Canadian IT Security Practices to provide clarity on the state of IT security specifically in Canada. The study examines the IT security practices of more than 300 Canadian businesses.

“At TELUS, we are committed to helping Canadian companies use technology to realize limitless opportunities for competitive advantage,” said Yogen Appalraju, vice-president, TELUS Security Solutions. “IT security is a technology cornerstone for business. To successfully protect incoming and outgoing information from breaches, customers need to be able to measure, evaluate and improve the effectiveness of their security investments. This new study in partnership with Rotman provides Canadian organizations with insights into building an effective security program.”
Other key findings from the study include:

• Not every industry fares the same in terms of IT security performance. Those performing above the average include IT companies, healthcare and financial institutions.

• Canada has caught up with the U.S. in terms of IT security investment. This has been driven by requirements to comply with Canadian regulations such as Payment Card Industry (PCI) and Personal Information Protection and Electronic Documents Act (PIPEDA).

• The best practices for IT security include having a focus on performance measurement, balancing staffing investments in proportion to the growth of technology, and utilizing application security outside of the network, like encryption, to protect customer data.
The full results of the study will be made public tomorrow at the Information Systems Audit and Control Association (ISACA) 2008 international conference in Toronto. Please contact TELUS for additional results of this survey or go to www.telus.com/securitystudy or http://www.rotman.utoronto.ca/securitystudy.
TELUS is a global leader in security products and services, operating one of the world’s leading threat and vulnerability analysis labs. For more information about TELUS Security Solutions, please click here.