IT Security Professionals Optimistic Future Funding. Concerned that Business Partners and Suppliers have been Weakened by Economic Conditions.
The U.S. and Europe are behind the times when it comes to achieving maturity in IT security, and they lag in willingness to spend on security as well, according to the newly-released 2011 Global State of Information Security Study by CIO, CSO and PricewaterhouseCoopers.
After chasing North America for several years, Asia now reports high maturity levels across more capabilities than any other world region. In contrast, Europe trails other regions in maturity across many security capabilities. Like North America, Europe continues to suffer poor visibility into security events and, as a result, may be unaware of the true impact of events on the business.
While 68 percent of European respondents say their organizations place a high level of importance on protecting sensitive customer information, the responses from other global regions are higher, including Asia (80 percent), North America (80 percent), and South America (76 percent).
Asian security executives are much more likely to report that security spending will increase over the next year than their U.S. and European counterparts. Eighty-six percent of Asian respondents said their company will boost spending in the next 12 months, as compared with North America (71 percent), South America (81 percent) and Europe (68 percent).
Asian companies are also more likely to acknowledge that the increased risk environment inherent in current economic conditions has advanced the role and importance of the security function, and they are more focused on data protection than those in other regions. Additionally, Asian companies are more proactive at addressing emerging practices such as implementing security technologies supporting Web 2.0 exchanges.
Globally, many companies are unprepared to deal with the potential risks of Web 2.0 applications. Sixty percent of respondents said their organization has yet to implement security technologies related to Web 2.0 exchanges such as social networks, blogs or wikis, while 77 percent of respondents didn’t even have security policies in these areas.
Optimism on Spending
The 8th annual survey of more than 12,800 executives from 135 countries revealed a remarkable level of optimism among security executives. On a global basis, 52 percent said their company will increase security spending over the next year.
Security executives, however, also said their companies have been impacted by spending restraints, often resulting in the stalling or degradation of some fundamental security capabilities such as conducting personnel background checks and the use of vulnerability scanning tools. Additionally, 47 percent of respondents said their organization had reduced security-related funding for capital expenditures and 46 percent said their company had reduced security-related operating expenditures.
The top factors driving information security spending this year are economic conditions (reported by 49 percent of respondents), business continuity and disaster recovery (40 percent), company reputation (35 percent), internal policy compliance (34 percent) and regulatory compliance (33 percent).
“This year’s spending drivers aren’t new,” said Mark Lobel, an Advisory principal at PricewaterhouseCoopers. “What is surprising, however, is that almost every one of these factors is trending at or near four-year lows.”
The only spending driver to show substantial increases this year is “client requirement,” the study found. Client requirement moved up from the bottom of the list in 2007 to near parity with the top-ranking legal/regulatory environment.
Beyond IT’s Walls
Moving beyond the IT organization, the survey revealed a significant shift in the ongoing evolution of the CISO’s reporting channel, which has moved away from the CIO in favor of the company’s senior business decision-makers such as the CFO and the CEO. It also found that many companies are using an additional tool — insurance — to protect the organization from theft or misuse of assets such as sensitive data or customer records. Forty-six percent of respondents said their organization has an insurance policy.
The 2011 Global State of Information Security Survey is a worldwide security survey by PricewaterhouseCoopers, CIO and CSO magazines. It was conducted online from February 19, 2010 to March 4, 2010.
The results discussed in this report are based on the responses of more than 12,840 CEOs, CFOs, CIOs, CSOs, and other senior IT executives 135 countries. Thirty-seven percent of respondents were from Asia, 30 percent from Europe, 17 percent from North America, 14 percent from South America, and 2 percent from the Middle East and South Africa. The margin of error is less than 1 percent.