Canadian security breaches rose 29 per cent; breach costs down by 78%

TELUS and the Rotman School of Management released their third annual study on Canadian IT security, revealing that Canadian companies experienced a 29 per cent increase in security breaches from 2009 to 2010. The study also found that the annual cost of these security breaches dropped considerably from $834,000 to $179,508 during the same one-year period.

According to the survey, government entities are experiencing twice the number of breaches than companies in the private sector, with an almost 74 per cent increase in one year. The increase can be explained by a significant investment in detection and response capabilities, which enable greater visibility into breaches and lower associated costs. In addition, the study reveals a growing trend toward sophisticated attacks focused on customer and citizen data. Research from TELUS Security Labs indicates that attackers are seeking out sensitive data that can be sold or repurposed for financial gain.

Additionally, this year's study finds one in four Canadian organizations are blocking access to social networking sites, citing security as the primary driver. However, in both the private and public sectors, organizations that block these sites experienced no improvement in security and could suffer a worsening of security as employees attempt to circumvent the block.  

"We see a need to maintain control in an ever-changing threat environment, where attacks are designed to penetrate security using the latest technologies and processes," says Dr. Walid Hejazi, Professor of Business Economics, Rotman School of Management. "However, our research indicates that the adoption of social networking in the workplace is simply not a contributing factor to breach increases. The best course of action is to instil a sense of trust and educate employees on how to engage in social networking appropriately."

"Canadian organizations are optimizing for today, but are still not doing enough to prepare for tomorrow," says Yogen Appalraju, vice-president, TELUS Security Solutions. "While the investment in defensive technology is proving effective with a decrease in breach costs, organizations are experiencing more focused attacks. There needs to be continued, proactive investment in security to reduce the number of breaches, to minimize costs to organizations and most importantly, to mitigate the risk to sensitive corporate data."

The 2010 TELUS/Rotman Joint Study on Canadian IT Security Practices also uncovered insights in additional areas including:

• Proliferation of smartphones and the impacts on security in the workplace
• Reduction of IT security budgets
• State of compensation of security teams
• Impacts of outsourcing on security for Canadian organizations

For more information on the study, visit

The Rotman School of Management at the University of Toronto is redesigning business education for the 21st century with a curriculum based on Integrative Thinking. Located in the world's most diverse city, the Rotman School fosters a new way to think that enables the design of creative business solutions. The School is currently raising $200 million to ensure Canada has the world-class business school it deserves. For more information, visit