Media Releases

2014 TELUS-Rotman Security Study introduces a “security responsible” approach to technology innovation

April 29, 2014

Enter­pris­es that fol­low best prac­tices and adopt inno­va­tion in a strate­gic and respon­si­ble man­ner have high­er secu­ri­ty sat­is­fac­tion, few­er breach­es and improved risk man­age­ment

TORONTO, ON – TELUS and the Rot­man School of Man­age­ment at The Uni­ver­si­ty of Toron­to today released the 2014 TELUS-Rot­man Secu­ri­ty Study. Now in its sixth year, the annu­al sur­vey tracks indus­try trends and doc­u­ments the state of IT secu­ri­ty in Cana­da. The 2014 report focus­es on how enter­pris­es can stay secure while mak­ing pro­gres­sive inno­va­tion deci­sions by tak­ing a “secu­ri­ty respon­si­ble” approach.

Return­ing to a quan­ti­ta­tive approach for this year’s study, the research team sur­veyed more than 400 Cana­di­an secu­ri­ty pro­fes­sion­als to get the pulse on trends it has been fol­low­ing since 2008. This year’s study also includes glob­al per­spec­tives on the data, trends and analy­sis from key secu­ri­ty thought lead­ers from com­pa­nies includ­ing, British Tele­com and Cylance Inc.

“As we exam­ined and ana­lyzed the data, four key secu­ri­ty best prac­tices came into view: a strong focus on risk man­age­ment, retain­ing the right skills and exper­tise with­in an orga­ni­za­tion, effec­tive poli­cies and gov­er­nance, and employ­ee edu­ca­tion,” said Dr. Walid Hejazi, pro­fes­sor of Busi­ness Eco­nom­ics, Rot­man School of Man­age­ment. “As our think­ing crys­tal­ized, the con­cept of ‘secu­ri­ty respon­si­ble’ emerged as the cen­tral theme of the research.”

To quan­ti­fy the con­cept of secu­ri­ty respon­si­ble, the research team assigned a pro­pri­etary rat­ing scale of zero to sev­en (with zero being the least and sev­en being the most respon­si­ble). Regard­less of whether enter­pris­es say ‘yes’ or ‘no’ to inno­va­tion, those that rate high­er on the secu­ri­ty respon­si­ble scale expe­ri­ence more secu­ri­ty suc­cess in terms of:

• Greater sat­is­fac­tion with their secu­ri­ty pos­tures (mean rat­ing of 3.8 vs. 3.2 out of 5)

• Few­er breach­es (9.5 vs. 14.9 breach­es, aver­aged dur­ing pre­vi­ous 12 months)

• Bet­ter risk man­age­ment capa­bil­i­ty (mean rat­ing of 3.6 vs. 1.5 out of 5)

How­ev­er, the great­est busi­ness ben­e­fits are real­ized by orga­ni­za­tions that say ‘yes’ to inno­va­tion in a secu­ri­ty respon­si­ble man­ner; cre­at­ing an envi­ron­ment where secu­ri­ty and inno­va­tion both thrive.

“Cana­di­an com­pa­nies that embrace busi­ness-enabling inno­va­tions and are ‘secu­ri­ty respon­si­ble’ enjoy the best of both worlds,” said Her­nan Bar­ros, Direc­tor, Secu­ri­ty Ser­vices, TELUS Secu­ri­ty Solu­tions. “By tak­ing a secu­ri­ty respon­si­ble approach, an orga­ni­za­tion can real­ize pro­duc­tiv­i­ty gains and cost sav­ings through inno­va­tions like ‘bring your own device,’ social net­work­ing and cloud com­put­ing while main­tain­ing a high lev­el of secu­ri­ty suc­cess.”

Addi­tion­al­ly, the report explores how secu­ri­ty respon­si­ble orga­ni­za­tions are more suc­cess­ful in the areas of employ­ee reten­tion, mobile secu­ri­ty and deal­ing with advanced threats. The find­ings include:

• Employ­ee reten­tion: orga­ni­za­tions that adopt busi­ness-enabling inno­va­tions with a secu­ri­ty respon­si­ble approach are more than three times more like­ly to have no dif­fi­cul­ty retain­ing secu­ri­ty staff;

• Mobile secu­ri­ty: while only 37 per cent of Cana­di­an orga­ni­za­tions take a secu­ri­ty respon­si­ble approach to mobile secu­ri­ty, those that do report high­er sat­is­fac­tion with their secu­ri­ty pos­tures.

• Advanced threats: a secu­ri­ty respon­si­ble approach to advanced threats (rig­or­ous threat mon­i­tor­ing pro­ce­dures) dri­ves down breach num­bers and improves sat­is­fac­tion (70 per cent for those with rig­or­ous mon­i­tor­ing ver­sus 39.5 per cent for those who don’t active­ly mon­i­tor).

“The focus on ‘secu­ri­ty respon­si­ble’ is real­ly a call to action for Cana­di­an enter­pris­es,” con­tin­ued Mr. Bar­ros. “The data shows us that exe­cut­ing on secu­ri­ty in a respon­si­ble way deliv­ers tan­gi­ble ben­e­fits in terms of secu­ri­ty sat­is­fac­tion, low­er breach num­bers and improved risk man­age­ment – all of which are key mea­sures of secu­ri­ty suc­cess. It is pos­si­ble for every orga­ni­za­tion to take action on these find­ings by eval­u­at­ing how secu­ri­ty respon­si­ble they are and iden­ti­fy­ing where they can improve.”

The report includes four key rec­om­men­da­tions to help Cana­di­an enter­pris­es become more secu­ri­ty respon­si­ble:

• Focus on risk: com­pli­ance is essen­tial but is also the bare min­i­mum; being risk-focused means con­tin­u­ous­ly assess­ing the envi­ron­ment and under­stand­ing how a secu­ri­ty breach could impact brand and rev­enue.

• Retain the right skills: the best and bright­est secu­ri­ty pro­fes­sion­als have high stan­dards when it comes to what con­sti­tutes good secu­ri­ty prac­tices and will move on quick­ly from orga­ni­za­tions that aren’t secu­ri­ty respon­si­ble enough.

• Focus on pol­i­cy dili­gence: proven stan­dards and pro­ce­dures offer the gov­er­nance need­ed for tech­nol­o­gy deci­sions, includ­ing the adop­tion of busi­ness-enabling inno­va­tions.

• Edu­cate employ­ees: employ­ees play a cru­cial role in risk man­age­ment, so it’s impor­tant that they under­stand secu­ri­ty poli­cies, the ratio­nale behind them and the pros/cons of com­pli­ance.

Secu­ri­ty lead­ers can find the detailed break­down and analy­sis of the data and rec­om­men­da­tions at

About The Rot­man School of Man­age­ment

The Rot­man School of Man­age­ment at the Uni­ver­si­ty of Toron­to is redesign­ing busi­ness edu­ca­tion for the 21st cen­tu­ry with a cur­ricu­lum based on Inte­gra­tive Think­ing. Locat­ed in the world’s most diverse city, the Rot­man School fos­ters a new way to think that enables the design of cre­ative busi­ness solu­tions. For more infor­ma­tion, vis­it

About TELUS Secu­ri­ty Solu­tions

TELUS Secu­ri­ty Solu­tions offers cus­tomers the most com­pre­hen­sive secu­ri­ty port­fo­lio includ­ing con­sult­ing and man­aged ser­vices, tech­nol­o­gy solu­tions, plus part­ner­ships with 16 of the top 20 glob­al secu­ri­ty ven­dors. In addi­tion, TELUS Secu­ri­ty Labs – with a staff of 30 researchers and a $3 mil­lion bud­get – is a lead­ing provider of secu­ri­ty research to more than 50 of the world’s top secu­ri­ty prod­uct ven­dors. Whether your pri­or­i­ty is han­dling tar­get­ed threats with real-time con­text, secur­ing your mobile enter­prise or remov­ing your secu­ri­ty man­age­ment chal­lenge, TELUS Secu­ri­ty Solu­tions can help you gain vis­i­bil­i­ty, under­stand­ing and con­trol.


TELUS (TSX: T, NYSE: TU) is Canada’s fastest-grow­ing nation­al telecom­mu­ni­ca­tions com­pa­ny, with $11.4 bil­lion of annu­al rev­enue and 13.3 mil­lion cus­tomer con­nec­tions, includ­ing 7.8 mil­lion wire­less sub­scribers, 3.3 mil­lion wire­line net­work access lines, 1.4 mil­lion Inter­net sub­scribers and 815,000 TELUS TV cus­tomers. Led since 2000 by Pres­i­dent and CEO, Dar­ren Entwistle, TELUS pro­vides a wide range of com­mu­ni­ca­tions prod­ucts and ser­vices, includ­ing wire­less, data, Inter­net pro­to­col (IP), voice, tele­vi­sion, enter­tain­ment and video.

In sup­port of our phi­los­o­phy to give where we live, TELUS, our team mem­bers and retirees have con­tributed more than $350 mil­lion to char­i­ta­ble and not-for-prof­it orga­ni­za­tions and vol­un­teered 5.4 mil­lion hours of ser­vice to local com­mu­ni­ties since 2000. TELUS was hon­oured to be named the most out­stand­ing phil­an­thropic cor­po­ra­tion glob­al­ly for 2010 by the Asso­ci­a­tion of Fundrais­ing Pro­fes­sion­als, becom­ing the first Cana­di­an com­pa­ny to receive this pres­ti­gious inter­na­tion­al recog­ni­tion.

For more infor­ma­tion about TELUS, please vis­it


For more infor­ma­tion:

Ken McGuf­fin
Man­ag­er, Media Rela­tions
Rot­man School of Man­age­ment
Uni­ver­si­ty of Toron­to
Voice 416.946.3818
Fol­low Rot­man on Twit­ter @rotmanschool
Watch Rot­man on You Tube