IT security spending to rise despite recession

After a year full of high-profile data losses, the majority of organisations are set to increase or maintain their investment in information security.

That’s according to the eleventh Ernst & Young Global Information Security survey, which canvassed the views of information security executives across 1,400 public and private sector organisations in 50 countries.

Half of all those polled and 58 per cent of UK respondents said they would be increasing their annual investment in information security, bucking the expected downward trend in IT budgets and spending, in response to the global economic downturn. Only five per cent planned IT security spending reductions.

“In the past, IT spend – which typically includes information security – has been one of the first areas to be cut in an economic downturn, but that is not the case this year,” said Richard Brown, an Ernst & Young partner in technology and security risk services.

Awareness and privacy remain key challenges as, for the first time in the survey’s history, the majority of respondents (85 per cent) cited damage to their organisation’s reputation and brand as the number one driver for information security activities. In 2007, just 24 per cent cited reputation and brand as a strategic driver – with compliance having previously topped the list since 2005.

The survey also revealed that having the money to spend on IT security and spending it wisely are two very different things, as 30 per cent of UK respondents they had no documented strategic vision for information security over the next one to three years. This was significantly higher than the 18 per cent of companies globally that admitted to having no medium-term security plan.

The UK does fare better than most on implementing controls to protect customers’ personal information. Almost nine out of ten (88 per cent) of UK respondents have already done so and 83 per cent said that they now have a clear understanding of privacy law – 17 per cent higher than the global average.

Yet only 44 per cent of respondents globally were training their staff in data handling. And less than 15 per cent had insurance coverage for cyber risks, where only five per cent cited an intention to purchase a cyber insurance policy in the next year.

Brown concluded: “Economic uncertainty can often lead to an increase in fraud and security incidents, so this is exactly the time when companies cannot afford to compromise security – doing so would only compromise the business.”

Email to a friend

Print this page

Social Bookmark this article: What is this?

Digg

Delicious

Reddit

StumbleUpon

Slashdot

Google

Facebook