According to the 5th annual Global State of Information Security report, published by PricewaterhouseCoopers and several IDG magazines, organizations are improving their IT security programs, but there is a continued disconnect between security teams and the line-of-business teams they support.

7200 organizations across all industries and more than 100 countries were surveyed for the study. Highlights from the study include:

  • 57% say an overall security strategy is in place (up from 37% in 2006)
  • 60% employ either a Chief Information Security Officer or a Chief Security Officer
  • 52% report that the company engages both business and IT in information security issues
  • 57% have a security strategy; of the remainder, only 13% consider putting a strategy in place a top priority
  • Over 70% of security managers, administrators and technicians believe the security policies and spending can be improved
  • Over 50% do not encrypt information on laptop computers
  • 22% have hired a Chief Privacy Officer

The first three results of the survey indicate a growing, positive trend: organizations are embracing a strategic approach to protecting information. Companies are weighing business continuity, reputation, and compliance heavily when deciding on security spending, versus the ‘defending the perimeter’ approach seen in years before.

However, the other results show why so many companies are still struggling to turn security investments into measurable business value. Some companies still are not investing in security, or are not taking the creation of security policies as seriously as they need to.

The report indicates that security departments do not communicate well with the business people they interact with. A common lack of understanding of security goals cuts into the ability to get support for stronger data protection and for more funding.

“This idea of misalignment and opportunity for better [communication] between security and business workers is one of the top themes coming out of the data,” Lobel said. “If senior executives don’t understand where funding is coming from, if they don’t know who is in charge, that’s going to hurt your efforts in the long run.”

The report covers much more about information security, including another indication that the perceived threats have shifted from outside influences (hacking) to insider issues. The survey points out that people have not become worse, but that the ability to track and monitor activities has brought to light issues that previously went unnoticed.

Download the whitepaper here [PDF]

Via InfoWorld