Asia’s security practices now at par with North America
Study that polled 7,000 IT executives in 119 countries showed Asian companies have made dramatic progress in information security practices.
The study, the largest of its kind, conducted by PricewaterhouseCoopers LLP (PwC) in conjunction with CIO and CSO magazines, the 6th annual Global State of Information Security Survey 2008, revealed that these companies have made remarkable gains in upgrading their information security efforts. The study focused on the challenges of protecting corporate information assets.
The study also found that the progress was brought about primarily by the widespread progress made by companies in India, bringing Asian companies’ practices in security are now at par and many surpass North American companies.
Moreover, the study also established that companies in South America are making great strides in many critical areas of security and are catching up quickly.
“Companies in India have reported strong, consistent, double-digit gains across virtually every security domain and have taken a strategic approach to security,” says Mark Lobel, a principal in the Advisory practice of PricewaterhouseCoopers. “Security efforts of Indian organizations have surpassed those of companies in the United States and we expect this trend to continue given that so many Indian survey respondents expect security spending to increase over the next 12 months.”
The survey also reported strong, double-digit advances in implementing new security technologies, with 74 percent of the respondents across industries and sectors, countries and regions, business models and company sizes, saying that information security spending would either increase or stay the same over the next 12 months.
While they continue to invest heavily in security tools such as software for intrusion detection, many of them are still struggling with their security process, the survey revealed. Further, there appears to be an overall misalignment with executive management’s view of security, causing many organizations to fail to capture the full value of their spending, the study shows.
According to the study, more organizations than ever are encrypting databases (55 percent), laptops (50 percent), backup tapes (47 percent) and other media. More than half of respondents said they have implemented an “overall information security strategy” which includes: the increased use of intrusion detection software (62 percent compared to 52 percent in 2007); the installment of firewalls to protect individual applications (67 percent compared to 62 percent in 2007); and the disposal of outdated computer hardware (67 percent compared to 58 percent in 2007). The majority of security spending comes from the IT group (57 percent) followed by the security department and other functional areas such as marketing, human resources and legal.
Business continuity/disaster recovery was still named as the most critical business issue driving information security spending.
“Companies must decide on the right strategy, engage the right people, target the right data, and employ the right technology effectively. Those that are ready for the surprises will be the ones to succeed,” says Lobel.
The Global State of Information Security 2008, a worldwide study by CIO, CSO and PricewaterhouseCoopers, was conducted online from March 25 to June 26, 2008.
