Forty-nine per cent of respondents to the 2011 Global State of Information Security Survey said economic conditions continue to drive information security spending, and most said they are optimistic that their companies will increase spending in the next year.

The study, the largest of its kind, is conducted by PricewaterhouseCoopers in conjunction with CIO and CSO magazines.

The annual survey of more than 12,800 executives from 135 countries revealed a remarkable level of optimism among security executives. Fifty-two per cent said their company will increase security spending over the next year. Yet many executives said their company’s business partners (52 per cent) and suppliers (50 per cent) have been weakened by economic conditions, a substantial increase from 43 per cent and 42 per cent, respectively, in 2009.

“With the rise of outsourcing and offshoring, it is understandable that more companies are concerned that their business partners and suppliers have been weakened by economic conditions,” said Mark Lobel, an advisory principal at PwC. “This change reveals that respondents are concerned about the vulnerability that their business partners and suppliers may now face due to a reduced focus on security controls.”

Security executives said their companies have also been affected by spending restraints, often resulting in the stalling or degradation of some fundamental security capabilities such as conducting personnel background checks and the use of vulnerability scanning tools. Additionally, 47 per cent of respondents said their organisation had reduced security-related funding for capital expenditures and 46 per cent said their company had reduced security-related operating expenditures.

The top factors driving information security spending this year are economic conditions (reported by 49 per cent of respondents), business continuity and disaster recovery (40 per cent), company reputation (35 per cent), internal policy compliance (34 per cent) and regulatory compliance (33 per cent).

The only spending driver to show substantial increases this year is “client requirement,” the study found. Client requirement moved up from the bottom of the list in 2007 to near parity with the top-ranking legal/regulatory environment.

The 2011 Global State of Information Security Survey also found a significant shift in the ongoing evolution of the reporting channel of the CISO (chief information security officer), which has moved away from the CIO (chief information officer) in favour of the company’s senior business decision-makers such as the CFO (chief financial officer) and the CEO (chief executive officer).

The survey also revealed that many companies are unprepared to deal with the potential risks of social networking and other Web 2.0 applications. Sixty per cent of respondents said their organisation has yet to implement security technologies supporting Web 2.0 exchanges such as social networks, blogs or wikis, according to the survey. Additionally, 77 per cent of respondents said their organisation has not established security policies that address the use of social networks or Web 2.0 technologies.

This lack of action on social networking and Web 2.0 technologies can expose organisations to a variety of risks, including loss or leakage of information, damage to the company’s reputation, illegal downloading of pirated material, and identity theft.

The survey also found that many companies are using an additional tool, insurance, to protect the organisation from theft or misuse of assets such as sensitive data or customer records.

Europe now trails other regions in maturity across many security capabilities. Like North America, Europe continues to suffer poor visibility into security events and, as a result, may be unaware of the true impact of events on the business. While 68 per cent of European respondents say their organisations place a high level of importance on protecting sensitive customer information, the responses from other global regions are higher, including Asia (80 per cent), North America (80 per cent), and South America (76 per cent).

The full results of the Global State of Information Security 2011, including the industry-specific highlights, are available at www.pwc.com/giss2011.
