Information security breaches are up among Canadian organizations, according to an annual
Telus Corp. /
Rotman School of Management study – but it’s not necessarily all bad news.
In fact, data from the
2009 Rotman-Telus Joint Study on Canadian IT Security Practices suggests that the increase could reflect improved security monitoring and reporting – the result of stronger security mechanisms in response to strict information-protection regulations, according to the report’s authors.
Presenting at the
Toronto Board of Trade this week, Dr. Walid Hejazi, a professor of business economics at Rotman, said that the average annual cost of dealing with an information breach nearly doubled from 2008 to 2009, going from $423,469 last year to $834,149 in the study of 600 IT security professionals. As well, the average number of breaches per organization increased from three to 11.
The good news? That increase results in part from greater investments in technology and processes designed to help organizations meet new information-governance rules, Hejazi said. Companies are catching more of these infiltration attempts and assigning more money to deal with them.
In an interview after the Board of Trade presentation, Alan Lefort, managing director of Telus’s security labs, explained that “breach costs” could include the price of a consultant called in to help an organization avoid future breaches, and technology to thwart infiltrations down the road.
And even though the number of breaches went up, the cost of dealing with individual breaches decreased, because organizations are getting better at responding to the situations, according to the report.
