Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, October 21, 2009

Information Security Still a Priority In IT Budgets

A survey from PricewaterhouseCoopers shows that infosec budgets are seeing little in the way of cuts, and are even increasing in some cases.
Just because there’s a global economic crisis doesn’t mean the security teams at the world’s companies will be getting any kind of break in their work.

According to PricewaterhouseCooper’s (New York) Global State of Information Security 2010 survey, information security executives are facing more challenges today than ever.  Surprisingly, however, they are not being starved of the resources they need to keep company data safe.

PwC surveyed its own clients in 130 countries, plus the readers of CIO Magazine and CSO Magazine.

Technology and financial services companies consisted of the top two in terms of survey participants, at 1,250 and 1,165 respondents, respectively.

Mark Lobel, a principal with PwC in its security practice, told attendees at a conference unveiling the survey results on Wednesday that he and his team weren’t too optimistic about what they would find, given all the news of layoffs and budget cutbacks.

Even in this crisis, 38 percent of global companies said they still plan to increase their information security spending.

Forty-three percent of respondents said their companies are deferring security initiatives for capital expenditures, while 40 percent said they were deferring these initiatives for operating expenditures.

“I believe that moving from 2009 to 2010 will be a coming of age for information security,” he said.

Even so, information security executives are experiencing more pressure from the top to prove the value of their expenditures on security technology.  Further findings from the survey found that there has been a steady increase in security incidents from 2008 to 2009, with 35 percent of companies reporting 1 to 9 incidents, versus 30 percent last year.

Also, data is the biggest target of cyber thieves: 23 percent this year, as opposed to 16 percent in 2008.  Although respondents said 33 percent of incidents occurred because of a current employees, 39 percent didn’t know whether it was from the inside, a former employee or a hacker.

It’s no longer acceptable to reactively hear about a breach.  Again, referring to the leadership role financial services has shown in data security, Lobel indicated another finding: that although the downturn is a driver for companies’ infosec spending, it had less of an impact on financial services than other sectors (38 percent for financial services versus 43 percent for technology, 42 percent for healthcare and 41 percent for the retail industry).;jsessionid=LTGLRGEA3IYVFQE1GHPSKHWATMY32JVN?articleID=220800154&_requestid=525984

Posted on 10/21