Asian companies are now on par and many surpass North American companies in establishing leading practices in security

October 30, 2008 — According to the 6th annual Global State of Information Security Survey^® 2008, asian companies have made dramatic gains in upgrading their information security efforts. The study — the largest of its kind — was conducted by PricewaterhouseCoopers LLP (PwC) in conjunction with CIO and CSO magazines.

Asian companies are now on par and many surpass North American companies in establishing leading practices in security, the study found. Boosted primarily by the widespread progress made by companies in India. Companies in South America are making great strides in many critical areas of security and are catching up quickly. Efforts to improve information security in Europe, meanwhile, appear to have stalled.

Philip Gudgeon, Partner, Leader of PricewaterhouseCoopers Performance Improvement Practice, comments:

“Companies in India have reported strong, consistent, double-digit gains across virtually every security domain and have taken a strategic approach to security. We expect this trend to continue given that so many Indian survey respondents expect security spending to increase over the next 12 months.”

This year, survey respondents across industries and sectors, countries and regions, business models and company sizes, report strong, double-digit advances in implementing new security technologies. Overall, 74 percent of respondents reported that information security spending will either increase or stay the same over the next 12 months.

However, although organizations continue to invest heavily in security tools such as software for intrusion detection, encryption and identity management, they are still struggling with their security processes. There appears to be an overall misalignment with executive management’s view of security, causing many organizations to fail to capture the full value of their spending, the study shows.

“Information has become the new currency of business — its portability and accessibility are crucial components of a collaborative, interconnected business landscape,” adds Philip Gudgeon. “Organizations need to be prepared to address data security issues, have the proper tools in place, and understand how to use them effectively.”

According to the study, more organizations than ever are encrypting databases (55 percent), laptops (50 percent), backup tapes (47 percent) and other media. Fifty-nine percent of respondents said they have implemented an “overall information security strategy” which includes: the increased use of intrusion detection software (62 percent compared to 52 percent in 2007); the installment of firewalls to protect individual applications (67 percent compared to 62 percent in 2007); and the disposal of outdated computer hardware (67 percent compared to 58 percent in 2007). The majority of security spending comes from the IT group (57 percent) followed by the security department and other functional areas such as marketing, human resources and legal.

When asked to identify the most critical business issues or factors driving information security spending, 57 percent of respondents still point first to “business continuity/disaster recovery.” This year, the study asked about the impact of “change” and 40 percent of respondents cited “change” almost as often as they did “compliance with regulations or internal policies” (44 percent and 46 percent respectively) as critical factors driving security spending.

Notes to Editor:

1. For further details, please contact Anna Aristova, PR Assistant Manager.
2. Methodology. The Global State of Information Security 2008, a worldwide security survey by PricewaterhouseCoopers, CIO and CSO magazines, was conducted online from March 25 to June 26, 2008. Readers of CIO and CSO magazines and clients of PricewaterhouseCoopers from around the globe were invited via email to take the survey. The results discussed in this report are based on the responses of more than 7,000 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security from 119 countries. The margin of error is ±1%.
3. Please reference the study as “The State of Information Security 2008, a worldwide study by CIO, CSO and PricewaterhouseCoopers.” Source line must include CIO magazine and PricewaterhouseCoopers. Survey results will be covered in-depth in the October 15th issue of CIO magazine and the November issue of CSO magazine. The coverage will be available online at www.cio.com and www.csoonline.com. Information about the survey will also be available at the Global state of information security survey 2008 page.
4. 
   
   “PricewaterhouseCoopers” refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.