Results from the world's largest information security study are in. This year, responses to The State of Information Security 2006, a worldwide study by CIO Magazine and PricewaterhouseCoopers (PwC), reveal that while companies are doing a better job of safeguarding information security and privacy, there is still plenty of room for growth and improvement. Conducted online from April 5, 2006 through May 22, 2006, the survey included responses from 7,791 readers of CIO and CSO Magazines in 50 countries.
Signs abound that, step by step, the role of security is maturing. Today, the information security function is more established than it's ever been. Thirty-eight percent of respondents have been in their jobs for 5 years or more, and a greater percentage of security executives now report to the CEO, CFO or board of directors (62%) than ever before. Security is also gaining independence. This year, a larger pool of respondents reported that their IT security budget is separate from the IT budget (21%) than did last year (16%). Information security is also more likely to be aligned with physical security. Significantly more companies now indicate that their physical and information security chiefs report to the same executive leader (40% vs. 11% from 2003) - a key improvement in coordination between these organisations that, given the number of stolen laptops, lost data tapes, and privacy breaches, may help reduce the frequency and impact of negative security incidents.
But survey responses also revealed critical deficiencies. Only 37 percent of respondents report having an overall security strategy in place - exactly the same percentage that reported this last year. And though senior security executives are moving up the organisational ladder, responses reveal that virtually the same percentage of organisations this year as last (66% vs. 65% in 2005) have yet to employ either a CSO or CISO. Moreover, 38% of companies worldwide have yet to put this spending alignment firmly in place.