Information Security Function 'Respected — but Still Restrained;' Security Professionals More Optimistic Than Ever on Future Funding, According to 2011 Global State of Information Security Study® by CIO, CSO and PricewaterhouseCoopers
While optimistic on spending, survey respondents are concerned that business partners and suppliers have been weakened by economic conditions
NEW YORK and FRAMINGHAM, Mass., Sept. 14 /PRNewswire/ -- The 2011 Global State of Information Security Survey® found that 49 percent of respondents said economic conditions continue to drive information security spending – and most said they are optimistic that their companies will increase spending in the next year. The study, the largest of its kind, is conducted by PricewaterhouseCoopers LLP (PwC) in conjunction with CIO and CSO magazines.
The 8th annual survey of more than 12,800 executives from 135 countries revealed a remarkable level of optimism among security executives: Fifty-two percent said their company will increase security spending over the next year. Yet many executives said their company's business partners (52 percent) and suppliers (50 percent) have been weakened by economic conditions, a substantial increase from 43 percent and 42 percent, respectively, in 2009.
"With the rise of outsourcing and offshoring, it is understandable that more companies are concerned that their business partners and suppliers have been weakened by economic conditions," said Mark Lobel, an Advisory principal at PricewaterhouseCoopers. "This change reveals that respondents are concerned about the vulnerability that their business partners and suppliers may now face due to a reduced focus on security controls."
Security executives said their companies also have been impacted by spending restraints, often resulting in the stalling or degradation of some fundamental security capabilities such as conducting personnel background checks and the use of vulnerability scanning tools. Additionally, 47 percent of respondents said their organization had reduced security-related funding for capital expenditures and 46 percent said their company had reduced security-related operating expenditures.
The top factors driving information security spending this year are economic conditions (reported by 49 percent of respondents), business continuity and disaster recovery (40 percent), company reputation (35 percent), internal policy compliance (34 percent) and regulatory compliance (33 percent).
"This year's spending drivers aren't new," Lobel said. "What is surprising, however, is that almost every one of these factors is trending at or near four-year lows."
The only spending driver to show substantial increases this year is "client requirement," the study found. Client requirement moved up from the bottom of the list in 2007 to near parity with the top-ranking legal/regulatory environment. The rise of client requirement demonstrates the continuing strategic importance and integration of the security department to the business.
The 2011 Global State of Information Security Survey® also found a significant shift in the ongoing evolution of the CISO's reporting channel, which has moved away from the CIO in favor of the company's senior business decision-makers such as the CFO and the CEO.
Risks of social networking and a new role for insurance
The 2011 Global State of Information Security Survey® revealed that many companies are unprepared to deal with the potential risks of social networking and other Web 2.0 applications. Sixty percent of respondents said their organization has yet to implement security technologies supporting Web 2.0 exchanges such as social networks, blogs or wikis, according to the survey. Additionally, 77 percent of respondents said their organization has not established security policies that address the use of social networks or Web 2.0 technologies.
This lack of action on social networking and Web 2.0 technologies can expose organizations to a variety of risks, including loss or leakage of information, damage to the company's reputation, illegal downloading of pirated material, and identity theft.
The survey also found that many companies are using an additional tool -- insurance -- to protect the organization from theft or misuse of assets such as sensitive data or customer records. Forty-six percent of respondents said their organization has an insurance policy. Additionally, 17 percent of respondents said their company has made a claim and 13 percent said their company has collected on a claim.
Asia leads in mature security capabilities
After chasing North America for several years, Asia now reports high maturity levels across more capabilities than any other world region.
Asian companies are more likely to acknowledge that the increased risk environment inherent in current economic conditions has advanced the role and importance of the security function, and they are more focused on data protection than those in other regions. Additionally, Asian companies are more proactive at addressing emerging practices such as implementing security technologies supporting Web 2.0 exchanges.
Asian respondents are much more likely to report that security spending will increase over the next year when compared with executives from other regions of the world. Eighty-six percent of Asian respondents said their company will boost spending in the next 12 months, as compared with North America (71 percent), South America (81 percent) and Europe (68 percent).
"Asian respondents are much more optimistic that security spending will increase in the months ahead than their regional counterparts worldwide," says Bob Bragdon, publisher of CSO. "While security continues to be a priority, North American respondents are being cautious and strategic in future areas of investments as economic conditions continue to fluctuate."
South America's focus on the information security function has been more variable, the survey found. South America stands right behind the Middle East and Africa as the regions most likely to defer security-related initiatives or reduce budgets for both capital and operating expenditure. Yet South American respondents rival Asians in their optimism that information security spending will increase over the next 12 months.
In Europe, the focus on information security is far more muted, the survey found. Europe now trails other regions in maturity across many security capabilities. Like North America, Europe continues to suffer poor visibility into security events and, as a result, may be unaware of the true impact of events on the business. While 68 percent of European respondents say their organizations place a high level of importance on protecting sensitive customer information, the responses from other global regions are higher, including Asia (80 percent), North America (80 percent), and South America (76 percent).
To learn more about the survey, including industry specific highlights and further regional information, please visit www.pwc.com/giss2011.
METHODOLOGY
The 2011 Global State of Information Security Survey® is a worldwide security survey by PricewaterhouseCoopers, CIO and CSO magazines. It was conducted online from February 19, 2010 to March 4, 2010. Readers of CIO and CSO magazines and clients of PricewaterhouseCoopers from around the globe were invited via email to take the survey.
The results discussed in this report are based on the responses of more than 12,840 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security from 135 countries. Thirty-seven percent of respondents were from Asia, 30 percent from Europe, 17 percent from North America, 14 percent from South America, and 2 percent from the Middle East and South Africa. The margin of error is less than 1 percent.
NOTE TO EDITORS: Please reference the study as "The 2011 Global State of Information Security Study®, a worldwide study by CIO, CSO and PricewaterhouseCoopers." Source line must include CIO magazine, CSO magazine and PricewaterhouseCoopers. Survey results will be covered in depth in the October 15th issue of CIO magazine and the October issue of CSO magazine. The coverage will be available online at www.cio.com and www.csoonline.com. Information about the survey will also be available at www.pwc.com/giss2011.
About CIO and CSO Magazines
CIO and CSO magazines are published by IDG Enterprise, producer of award-winning media properties, executive programs and the CIO Executive Council for corporate officers who use technology and security to thrive and prosper in this new era of business. The CIO portfolio includes CIO.com, CIO magazine (launched in 1987), CIO Executive Programs and the CIO Executive Council. CIO properties provide business technology leaders with analysis and insight on information technology trends and a keen understanding of IT's role in achieving business goals. The U.S. edition of the magazine and website are recipients of more than 200 awards to date, including the Top B-to-B magazine since 2000 from American Society of Business Publication Editors, two Grand Neals from the Jesse H. Neal National Business Journalism Awards and two Magazine of the Year awards from the National Society of Business Publication Editors.
Launched in 2002, the CSO portfolio includes CSOonline.com, CSO magazine and CSO Executive Programs. The properties provide chief security officers (CSOs) in the public and private sectors with analysis and insight on security trends and a keen understanding of how to develop and implement successful strategies to secure all business assets—from people to information and financial value to physical infrastructure. The U.S. edition of the magazine and website are the recipients of more than 100 awards to date, including the Top B-to-B magazine since 2000 and Magazine of the Year award from the American Society of Business Publication Editors as well as the Grand Neal from the Jesse H. Neal National Business Journalism Awards. IDG Enterprise is a subsidiary of International Data Group (IDG).
About PricewaterhouseCoopers' Advisory Practice
PricewaterhouseCoopers' Advisory professionals help organizations improve business performance, respond quickly and effectively to crisis, and extract value from transactions. We help clients implement their business strategies and priorities to build effective organizations, innovate and grow profitably, reduce costs, manage risk and regulation, and leverage talent. As business integrators, we look across the entire organization -- focusing on strategy, structure, people, process and technology -- to help our clients drive sustainable change that yields measurable results.
About PricewaterhouseCoopers
PricewaterhouseCoopers (www.pwc.com) provides industry-focused assurance, tax and advisory services to build public trust and enhance value for our clients and their stakeholders. More than 163,000 people in 151 countries across our network share their thinking, experience and solutions to develop fresh perspectives and practical advice.
"PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP or, as the context requires, the PricewaterhouseCoopers global network or other member firms of the network, each of which is a separate and independent legal entity.
© 2010 PricewaterhouseCoopers LLP. All rights reserved.
SOURCE PricewaterhouseCoopers