Organizations that say “yes”to innovation in a security-responsible manner create an environment where security and innovation thrive hand-in-hand, according to the 6th annual 2014 TELUS-Rotman Security Study, a survey of 400 Canadian security professionals.

Enterprises with a “yes” focus have greater satisfaction with security postures, fewer breaches (9.5 vs. 14.9 breaches on average), and better risk management capability (mean rating of 3.6 vs. 1.5 out of 5).

In addition, organizations with a security-responsible approach to business-enabling innovations are three times more likely to have no difficulty retaining security staff, the report says. For cybersecurity also, a security-responsible approach to advanced threats (such as using rigorous threat monitoring procedures) decreases breach numbers and improves satisfaction (70 percent for those with rigorous monitoring versus 39.5 for those without).

To become a more security-responsible enterprise, the study recommends focusing on risk, not merely compliance; retaining a workforce with high-level skill sets; focusing on policy diligence; and educating employees on security policies and the rationale and consequences behind them.