By Ottawa Business Journal Staff
Sep 27, 2006
A global survey has found Canadian companies are more concerned with
protecting their reputations than their global competitors when they
spend on information security.
According to the 2006 Global State of Information Security survey, 53
per cent of Canadian companies surveyed said their reputation was
driving their information security spending. The global average was 41
"Poor information security that loses data such as customer profiles can
seriously affect a company's brand," says Greg Murray of
PricewaterhouseCoopers. "The cost of handling the public relations
issues associated with losing customer identities can be devastating."
The survey includes the responses of almost 7,800 senior executives at
companies in more than 50 countries. Two hundred and fifty Canadian
organizations of various sizes participated, representing a wide range
The study found that 67 per cent of Canadian organizations actively
engage both business and IT decision-makers in addressing information
security issues, compared to 52 per cent worldwide.
However, organizations are still relying too much on funding from their
IT budgets to pay for overall security.
"In some areas, Canadian companies have recognized that all business
units should contribute to the information security budget," Mr. Murray
says "Unfortunately, many organizations continue to rely on IT dollars
to fund security and a better balance is needed. All departments are
affected by breaches to information security it's much more than just an
IT issue, it's a business issue."
When it comes to overall spending, 48 per cent of companies said their
information security budgets will increase in 2006, while 42 per cent
said it will stay the same. Limited budgets and a limited number of
staff dedicated to security were identified as the top two barriers to
Mr. Murray was surprised to find that 61 per cent of Canadian
respondents surveyed have limited or no security training for the
end-users of technology their employees.
"Over the long term, organizations need to create a culture of security
in the workplace, where employees recognize the threats to their
organization's information security and how they can combat them," he
When it came to staffing, almost two-thirds of Canadian organizations
were found to be dedicating two or less full-time employees or
equivalents to information security. The global average was 55 per cent.
Less than a third of Canadian respondents said their physical and IT
security functions report to the same executive leader.
"Information security teams need to align with physical security
personnel to protect a business. The two areas can no longer work in
isolation," Mr. Murray says.
Visit the InfoSec News store!