With a year-on-year spending increase of 85%, Asia Pacific still holds the top security spot overall. But South America is closing in fast, while North America and Europe continue to lag on key metrics.
While security spending and programmes are still robust in Asia Pacific, implementation of certain security policies and technologies—for example, measures on employee training and IP protection, as well as backup and recovery/business continuity—is beginning to stall. That said, respondents are optimistic on future IS spending, with 60% saying their security budget will increase over the next 12 months.
Asia Pacific respondents are likely to have adopted progressive new security measures, such as having a senior executive who communicates the importance of security (69%) and collaborating with others to enhance security (59%). They are also likely to deploy intrusion-detection technologies (67%) and to keep an inventory of where personal data is collected, transmitted, and stored (60%).
By most measures, China, comprising one-third of all regional respondents, eclipses other countries, both regionally and globally, in security practices—including in policies covering the fusion of cloud computing, mobility, personal devices, and social media. India, with 31% of regional respondents, is also making solid overall gains in security programmes and policies, although it has not quite reached the level of China.
With impressive strides in security spending, policies, and technologies, South America is by many measures matching, and sometimes surpassing, Asia Pacific in its security preparedness. Indeed, in each case, at least 70% of respondents have an overall security strategy in place, employ a CISO, and have measured or reviewed the effectiveness of their security practices in the past year.
South America is also poised to take the lead in information security investment—budgets have jumped 69% over last year, and fully two-thirds of the respondents expect security spending to increase over the next 12 months. Also, half or more have a mobile security strategy, a business continuity policy, an incident response process and a senior executive in place who communicates the importance of security.
Respondents from Brazil comprise the largest percentage of South America respondents (48% of the total), followed by Mexico (30%), and Argentina (21%). Brazil ranks high in many measures—behavioral profiling and monitoring (57%) and use of vulnerability scanning tools (63%)—but generally lags China and the U.S.
Investment in security is soaring in North America (up 80% over the previous year), as is the number of detected security incidents (jumping 117% over 2012). And while the outlook for future spending in the coming year (38%) is the lowest among all regions surveyed—and adoption of certain key safeguards, such as IP protection procedures and end-user security awareness training, also remains disturbingly low—North America does lead in some important areas.
These areas of global leadership include having an overall security strategy (81%), requiring third parties to comply with privacy policies (62%), and employee security awareness training (64%). North American respondents are also most likely to inventory where personal data is collected, transmitted, and stored (64%) and to employ intrusion-detection technologies (67%).
The U.S., which accounts for 84% of North America respondents, ranks high in policies for cloud computing (52%), mobile device security (60%), social media (58%), and BYOD (64%)—second only to China in most cases.
Unlike other regions, European respondents report investment in information security is down slightly (3%) over last year, while the continent continues to lag in adoption of key security safeguards.
In addition to that slight degradation of security spending, only 46% of European respondents believe security spending will increase over the next 12 months. While the number of detected security incidents is down 22% over last year, average financial losses due to security incidents did show a 28% increase.
Europe also lags in many aspects of security safeguards and policies. Fewer than 30% of the respondents have policies for security risk assessment, end-user security awareness training and communications or classifying the business value of data—or have procedures dedicated to protecting their intellectual property.
Also lacking were European respondents’ implementation of important policies—including backup and recovery/business continuity (45%) and security awareness training and communications (21%)—degree of collaboration with others (45%), and deployment of mobile security policies (38%).