According to the results of the 2012 Global State of Information Security Survey®, the majority of executives across industries and markets worldwide are confident in the effectiveness of their organization’s information security practices.
Why are executives confident, and where have organizations made progress in addressing information security over the past year? What are the signs of vulnerability and weakness in security-related capabilities? And which priorities and opportunities should executives address now in order to prepare for the cyber threats ahead?
Some of the key findings include:
Almost half of respondents see themselves as “front-runners”, and these companies approach Information Security differently
This year, a surprisingly high percentage of respondents (43%) consider their organization, in effect, a “front-runner” in information strategy and execution.
Respondents are confident that their security activities are effective
A clear majority of respondents are confident that their organization’s security activities are effective.
More than seven out of ten (72%) of respondents say they feel confident in the effectiveness of their organization’s information security capabilities. This level of assurance indicates that information security is viewed as a critical business function rather than a “patchwork of technical guesses” or merely a line item in the CIO’s budget. In other words, survey respondents appear to believe that the information security function is doing its job quite well.
Security capabilities have been degrading since 2008
While organizations have invested in capabilities for prevention, detection, and Web-related security initiatives, this year’s survey reveals a troubling degradation in core security-related capabilities.
Key areas of improvement include C-suite buy in and increased funding
When asked to identify the highest hurdle to improving information security, responses vary by role. CEOs point first to a lack of capital and then themselves – and lastly to the CISO. CFOs cite the CEO. Interestingly, CIOs and CISOs report a lack of vision and an effective security strategy – and rank themselves at the bottom of the list
Asia races ahead while the world’s information security arsenals age
Today 76% of Asia respondents say their organization has implemented an overall security strategy, insights into security incidents have soared, and the importance of the security function is more widely acknowledged than in any other region.
Contacts
Methodology
The 2012 Global State of Information Security Survey® is a worldwide security survey by PwC, CIO Magazine and CSO Magazine. Readers of CIO and CSO Magazines and clients of PwC were invited take the survey. The results are based on the responses of more than 9,600 CEOs, CFOs, CISOs, CIOs, CSOs, VPs and directors of IT and information security from 138 countries.
- North America : 29%
- Europe 26%
- South America: 21%
- Asia 20%
- Middle East and South Africa: 3%
The margin of error is less than 1%.
2012 Global State of Information Security Survey
Download the report
The 14th annual Global State of Information Security Survey explores critical drivers of information security effectiveness
To download a customized report, select the items you want below: