NEW YORK and FRAMINGHAM, Mass., Oct. 15, 2008 (GLOBE NEWSWIRE) -- Asian companies have made dramatic gains in upgrading their information security efforts, according to the 6th annual Global State of Information Security Survey(r) 2008. The study -- the largest of its kind -- was conducted by PricewaterhouseCoopers LLP (PwC) in conjunction with CIO and CSO magazines. The study polled 7,000 information technology executives from 119 countries across all industries on the challenges of protecting corporate information assets.
Boosted primarily by the widespread progress made by companies in India, Asian companies are now on par and many surpass North American companies in establishing leading practices in security, the study found. Companies in South America are making great strides in many critical areas of security and are catching up quickly. Efforts to improve information security in Europe, meanwhile, appear to have stalled.
"Companies in India have reported strong, consistent, double-digit gains across virtually every security domain and have taken a strategic approach to security," says Mark Lobel, a principal in the Advisory practice of PricewaterhouseCoopers. "Security efforts of Indian organizations have surpassed those of companies in the United States and we expect this trend to continue given that so many Indian survey respondents expect security spending to increase over the next 12 months."
This year, survey respondents across industries and sectors, countries and regions, business models and company sizes, report strong, double-digit advances in implementing new security technologies. Overall, 74 percent of respondents reported that information security spending will either increase or stay the same over the next 12 months.
However, although organizations continue to invest heavily in security tools such as software for intrusion detection, encryption and identity management, they are still struggling with their security processes. There appears to be an overall misalignment with executive management's view of security, causing many organizations to fail to capture the full value of their spending, the study shows.
"Information has become the new currency of business -- its portability and accessibility are crucial components of a collaborative, interconnected business landscape," adds Lobel. "Organizations need to be prepared to address data security issues, have the proper tools in place, and understand how to use them effectively."
According to the study, more organizations than ever are encrypting databases (55 percent), laptops (50 percent), backup tapes (47 percent) and other media. Fifty-nine percent of respondents said they have implemented an "overall information security strategy" which includes: the increased use of intrusion detection software (62 percent compared to 52 percent in 2007); the installment of firewalls to protect individual applications (67 percent compared to 62 percent in 2007); and the disposal of outdated computer hardware (67 percent compared to 58 percent in 2007). The majority of security spending comes from the IT group (57 percent) followed by the security department and other functional areas such as marketing, human resources and legal.
"We know security is on the minds of decision makers around the globe," says Abbie Lundberg, Editor of CIO magazine. "One question we were interested in this year was where the investment emphasis is being placed. The answer is in technology; now companies need to back that up with an increased focus on ensuring compliance with existing policies and programs."
When asked to identify the most critical business issues or factors driving information security spending, 57 percent of respondents still point first to "business continuity/disaster recovery." This year, the study asked about the impact of "change" and 40 percent of respondents cited "change" almost as often as they did "compliance with regulations or internal policies" (44 percent and 46 percent respectively) as critical factors driving security spending.
In spite of the rapidly evolving maturity of security capabilities, a surprisingly large percentage of respondents "don't know what they don't know." Many respondents cannot answer basic questions about the risks to their company's key information. Thirty-five percent of respondents aren't sure how many security incidents their organizations have had in the past 12 months. This number is higher in North America (40 percent) and Europe (36 percent) than it is in South America (28 percent) and Asia (25 percent). As a result, security remains largely a reactive function of the organization.
"Companies must decide on the right strategy, engage the right people, target the right data, and employ the right technology effectively. Those that are ready for the surprises will be the ones to succeed," says Lobel.
To learn more about the survey, including industry specific highlights and further regional information, please visit www.pwc.com/giss2008.
METHODOLOGY
The Global State of Information Security 2008, a worldwide security survey by PricewaterhouseCoopers, CIO and CSO magazines, was conducted online from March 25 to June 26, 2008. Readers of CIO and CSO magazines and clients of PricewaterhouseCoopers from around the globe were invited via email to take the survey. The results discussed in this report are based on the responses of more than 7,000 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security from 119 countries. The margin of error is +/- 1%.
NOTE TO EDITORS: Please reference the study as "The State of Information Security 2008, a worldwide study by CIO, CSO and PricewaterhouseCoopers." Source line must include CIO magazine and PricewaterhouseCoopers. Survey results will be covered in-depth in the October 15th issue of CIO magazine and the November issue of CSO magazine. The coverage will be available online at www.cio.com and www.csoonline.com. Information about the survey will also be available at www.pwc.com/giss2008.
About CIO and CSO Magazines
CIO and CSO magazines are published by CXO Media Inc., producer of award-winning media properties, executive programs and the CIO Executive Council for corporate officers who use technology and security to thrive and prosper in this new era of business. The CIO portfolio includes CIO.com, CIO magazine (launched in 1987), CIO Executive Programs and the CIO Executive Council. CIO properties provide business technology leaders with analysis and insight on information technology trends and a keen understanding of IT's role in achieving business goals. The U.S. edition of the magazine and website are recipients of more than 200 awards to date, including the Top B-to-B magazine since 2000 from American Society of Business Publication Editors, two Grand Neals from the Jesse H. Neal National Business Journalism Awards and two Magazine of the Year awards from the National Society of Business Publication Editors.
Launched in 2002 the CSO portfolio includes CSOonline.com, CSO magazine and CSO Executive Programs. The properties provide chief security officers (CSOs) in the public and private sectors with analysis and insight on security trends and a keen understanding of how to develop and implement successful strategies to secure all business assets -- from people to information and financial value to physical infrastructure. The U.S. edition of the magazine and website are the recipients of more than 100 awards to date, including the Top B-to-B magazine since 2000 and Magazine of the Year award from the American Society of Business Publication Editors as well as the Grand Neal from the Jesse H. Neal National Business Journalism Awards. CXO Media is a subsidiary of International Data Group (IDG).
About PricewaterhouseCoopers' Advisory Practice
PricewaterhouseCoopers' business advisory professionals provide clients with the confidence to succeed by helping them anticipate, create and manage change. Whether clients are proactively implementing change or reacting to an unplanned event, we leverage our Firm's resources, deep industry experience, and functional acumen across the areas of operations, finance, organizational strategy and structure, process improvement, human resources optimization, technology integration and implementation, risk mitigation and crisis management to help organizations effect sustainable change.
About PricewaterhouseCoopers
PricewaterhouseCoopers (www.pwc.com) provides industry-focused assurance, tax and advisory services to build public trust and enhance value for its clients and their stakeholders. More than 154,000 people in 153 countries across our network share their thinking, experience and solutions to develop fresh perspectives and practical advice.
"PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP or, as the context requires, the PricewaterhouseCoopers global network or other member firms of the network, each of which is a separate and independent legal entity.