2007 Global state of information security study*

Download 2007 Global state of information security study whitepaper (92kb)

Overview

While more companies are tackling security strategically, many are still missing opportunities to turn these investments into business value.

The signs are unmistakable. For the first time in the history of our survey, respondents who report that their organization is embracing a strategic approach to protecting information – at least, at some level – now outnumber those that do not.

This is one of the first conclusions you would reach after reviewing detailed responses to the 5th annual Global State of Information Security Survey 2007, a worldwide study by CIO magazine, CSO magazine and PricewaterhouseCoopers. The study, which is the largest of its kind, elicits insights on security and privacy practices from 7,200 IT, security and business executives across all industries and more than 100 countries.

Start with the fact that the majority of respondents worldwide now say their organization has an overall security strategy in place (57% vs. 37% in 2006) and employs either a Chief Information Security Officer or a Chief Security Officer (60% vs. 43%). More than half (52%) also report that their company actively engages both business and IT decision-makers in addressing information security issues.

A closer examination, however, might surprise you. Other findings – on capabilities that range from protecting data to extending security practices to third parties – begin to reveal why so many companies are still struggling to turn investments in security into demonstrable – and measurable – business value.
Key indicators:

1. Almost 6 out of 10 (57%) respondents worldwide say their organization has an information security strategy in place. Only another 13%, however, consider putting one in place a “top priority”.
2. Almost half of all respondents worldwide (48%) say their organization does not actively engage both business and information technology decisionmakers in addressing information security.
3. More than 7 out of 10 security managers, administrators and technicians worldwide believe that their organization’s security policies and spending can be improved.