In recent years, Asia Pacific and South America have been at the forefront of information security advances. While these two continents continue to show advances in implementation of key security processes and tools, they are lagging in detection of security incidents and investing in information security budgets.
Respondents from North America detected more incidents than any other geographic region. Europe, however, showed the greatest increase in detection of security incidents. South America was the only region to report a decline in the discovery of compromises.
When it comes to investments in security budgets, Europe again leads the way with the highest (12%) increase in security spending. IS budgets in North America inched up slightly, while organizations in Asia Pacific and South America are reigning in security spending.
The sources of security incidents are remarkably similar across geographic regions, with some minor variations. In South America, for instance, more respondents point the finger at former employees than any other region. Respondents from South America were also more likely to cite service providers, consultants, contractors, and business partners as the perpetrators of incidents. Compromises attributed to competitors were highest in Asia Pacific, and specifically in China. Almost half (47%) of respondents from China point to competitors as the source of security incidents, higher than any other nation.
Asia Pacific remains a leader in implementing strategic processes and safeguards for information security, setting the pace in numerous practices.
The region is more likely to have an information security strategy that is aligned to the specific needs of the business and to have a senior executive who communicates the importance of security across the enterprise. It rates high (tied with South America) in having a Chief Information Security Officer in charge of the security program. Asia Pacific also is most likely to require that employees are trained in privacy practices and shows a strong commitment to employee security awareness and training.
Asia Pacific ties with South America and North America in one key practice: 58% of respondents from the three regions say they have security standards for external partners, customers, suppliers, and vendors.
While Asia Pacific has led in security spending in recent years, the region reports a 13% decline in information security budgets in 2014. Respondents also report that financial losses due to security incidents increased 22% over 2013.
Respondents from Europe report advances in two key metrics: They lead in the increase of detected incidents over last year and are also setting the pace in information security spending.
At the same time, Europe also reports the biggest jump in financial losses attributed to security incidents. That makes sense, however, given the increase in detected incidents.
When it comes to implementation of strategic security safeguards, Europe tends to land in the middle ground compared with other regions. For instance, European respondents are less likely than those from Asia Pacific and South America to have a CISO in charge of security and to ensure that security spending is aligned with the organization’s most profitable lines of business. And it is ahead of North America in some key security practices, such as mobile device security and collaborating with external entities to improve security.
Respondents from North America report gains in two key areas this year: Detection of security incidents and a modest increase in security spending. Financial losses attributed to security events decreased 7% from 2013, which suggest that North American respondents are becoming more adept at identifying and responding to security events.
When it comes to implementing the right strategic policies, North America is beginning to catch up in some key areas but lags, comparatively in others. For instance, North American organizations are more likely to require third parties to comply with privacy policies; they also lead in commitment to employee training and awareness programs. The region also ranks high in implementation of security standards for external partners, customers, suppliers, and vendors.
North America trails other regions in several practices, including ensuring that security spending is aligned with the most profitable lines of business and Board participation in the security strategy. Implementation of mobile security tools such as mobile-device management software and collaboration with others to improve security is also lower in North America.
In recent years, South America has led in implementation of key security practices. The region continues to set the pace in several areas, but it is beginning to lag in two important areas.
This year, South American organizations detected fewer incidents than the year before. And respondents report that security spending dropped 24% over 2013, the steepest decline of any region.
South America also reports very high incidences of insider threats, in particular incidents attributed to former employees. Respondents from South America are also the most likely to cite service providers, consultants, contractors, and business partners as the perpetrators of incidents.
South America leads in several strategic initiatives, however, including having a policy to align security spending with the most profitable lines of business and implementation of mobile security measures. Organizations from South America are also most likely to collaborate with others to improve security and to have a CISO in charge of the security program. Respondents from the region show the weakest commitment to employee training and awareness programs, however.