Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

U.S. and Europe Lag Asia in IT Security Spending Outlook, Maturity

IT Security Professionals Optimistic Future Funding. Concerned that Business Partners and Suppliers have been Weakened by Economic Conditions.

The U.S. and Europe are behind the times when it comes to achieving maturity in IT security, and they lag in willingness to spend on security as well, according to the newly-released 2011 Global State of Information Security Study by CIO, CSO and PricewaterhouseCoopers.

IT Security Professionals Optimistic Future Funding. Concerned that Business Partners and Suppliers have been Weakened by Economic Conditions.

The U.S. and Europe are behind the times when it comes to achieving maturity in IT security, and they lag in willingness to spend on security as well, according to the newly-released 2011 Global State of Information Security Study by CIO, CSO and PricewaterhouseCoopers.

After chasing North America for several years, Asia now reports high maturity levels across more capabilities than any other world region. In contrast, Europe trails other regions in maturity across many security capabilities. Like North America, Europe continues to suffer poor visibility into security events and, as a result, may be unaware of the true impact of events on the business.2011 Global State of Information Security Survey

While 68 percent of European respondents say their organizations place a high level of importance on protecting sensitive customer information, the responses from other global regions are higher, including Asia (80 percent), North America (80 percent), and South America (76 percent).

Asian security executives are much more likely to report that security spending will increase over the next year than their U.S. and European counterparts. Eighty-six percent of Asian respondents said their company will boost spending in the next 12 months, as compared with North America (71 percent), South America (81 percent) and Europe (68 percent).

Asian companies are also more likely to acknowledge that the increased risk environment inherent in current economic conditions has advanced the role and importance of the security function, and they are more focused on data protection than those in other regions. Additionally, Asian companies are more proactive at addressing emerging practices such as implementing security technologies supporting Web 2.0 exchanges.

Globally, many companies are unprepared to deal with the potential risks of Web 2.0 applications. Sixty percent of respondents said their organization has yet to implement security technologies related to Web 2.0 exchanges such as social networks, blogs or wikis, while 77 percent of respondents didn’t even have security policies in these areas.

Optimism on Spending

The 8th annual survey of more than 12,800 executives from 135 countries revealed a remarkable level of optimism among security executives. On a global basis, 52 percent said their company will increase security spending over the next year.

Advertisement. Scroll to continue reading.

Security executives, however, also said their companies have been impacted by spending restraints, often resulting in the stalling or degradation of some fundamental security capabilities such as conducting personnel background checks and the use of vulnerability scanning tools. Additionally, 47 percent of respondents said their organization had reduced security-related funding for capital expenditures and 46 percent said their company had reduced security-related operating expenditures.

The top factors driving information security spending this year are economic conditions (reported by 49 percent of respondents), business continuity and disaster recovery (40 percent), company reputation (35 percent), internal policy compliance (34 percent) and regulatory compliance (33 percent).

“This year’s spending drivers aren’t new,” said Mark Lobel, an Advisory principal at PricewaterhouseCoopers. “What is surprising, however, is that almost every one of these factors is trending at or near four-year lows.”

The only spending driver to show substantial increases this year is “client requirement,” the study found. Client requirement moved up from the bottom of the list in 2007 to near parity with the top-ranking legal/regulatory environment.

Beyond IT’s Walls

Moving beyond the IT organization, the survey revealed a significant shift in the ongoing evolution of the CISO’s reporting channel, which has moved away from the CIO in favor of the company’s senior business decision-makers such as the CFO and the CEO. It also found that many companies are using an additional tool — insurance — to protect the organization from theft or misuse of assets such as sensitive data or customer records. Forty-six percent of respondents said their organization has an insurance policy.

The 2011 Global State of Information Security Survey is a worldwide security survey by PricewaterhouseCoopers, CIO and CSO magazines. It was conducted online from February 19, 2010 to March 4, 2010.

The results discussed in this report are based on the responses of more than 12,840 CEOs, CFOs, CIOs, CSOs, and other senior IT executives 135 countries. Thirty-seven percent of respondents were from Asia, 30 percent from Europe, 17 percent from North America, 14 percent from South America, and 2 percent from the Middle East and South Africa. The margin of error is less than 1 percent.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...