Asia on the runway as the next global leader in information security

SINGAPORE, 1 December 2010 – Globally, more than half (52%) of the security professionals surveyed are optimistic that their companies will increase information security spending in the next year. Economic conditions will continue to drive information security spending according to 49 per cent of all respondents, based on the latest 2011 Global State of Information Security Survey® (GISS) conducted by PricewaterhouseCoopers (PwC) in conjunction with CIO and CSO magazines.

The GISS survey, in its 8th year, is the largest study of its kind, covering 12,800 executives from 135 countries. Despite the general optimism on security spend revealed by the executives, many also indicated that their company’s business partners (52%) and suppliers (50%) have been weakened by economic conditions, a substantial increase from 43% and 42%, respectively, in 2009.

"With more companies outsourcing their operations to external partners, it is understandable that there is a rising concern as to whether their business partners could have been weakened by economic conditions, " said Tan Shong Ye, the Partner leading the IT Risk consulting practice in PwC Singapore.

"Companies are concerned about the vulnerability of these external partners, especially in information security arena."

Elaborating on the reason for their concern, Shong Ye said: "A weakened position could result in less emphasis on security controls – a fact that is particularly a concern if a company's critical information is stored and processed not within the company itself but by these external partners."

Client requirements justify Asia’s security spending

Asian respondents have revealed that they are much more likely (86%) than their counterparts in North (71%) and South (81%) America, and in Europe (68%) to spend on information security.

The need to address client requirement has taken the lead in Asia (52%) as the justification driving spending on security, followed closely by concerns over potential liability/exposure (45%). Asia’s response follows global trends more closely than other regions, where globally, Client requirement has moved up from the bottom of the list in 2007 to near parity with the top-ranking legal/regulatory environment as the justification for security spending.

"Closer to home, Singapore respondents have indicated that their main driver for spending more is due to legal and regulatory compliance needs‖. Shong Ye continued, ―80% of the security professionals in Singapore are generally more confident about security management and controls than their counterparts elsewhere as organisations here are already seeing information security as playing more strategic roles in businesses."

Asian companies relentless in their pursuit of security

Asian companies are also seeing the need to strengthen governance, risk and compliance capabilities as an important priority (75%) compared to South America (70%), North America (66%) and Europe (56%) despite perceived difficult economic conditions, according to the survey.

Asia’s focus on data protection

In particular, 71% of the respondents globally reported that data protection leads other security strategies like priortizing security investment based on risks and strengthening the company’s governance, risk and compliance program. Asia seems to take lead in this as 42% of the respondents in Asia said that they have accurate inventory of where sensitive data is stored, as compared with North America (40 percent), South America (33 percent) and Europe (24 percent).

"Asian companies are recognising the necessity for security strategies to thrive given an increasingly risky environment. Our prevailing economic conditions have significantly advanced the role and importance of the security function, and companies in Asia know that they have to bite the bullet in security and they are starting to do so with a focus on data protection."

Other key findings

Some interesting findings from the 2011 Global State of Information Security Survey® include:

  1. Many companies are unprepared to deal with the potential risks of social networking and other Web 2.0 applications.
  2. 63% of companies surveyed globally either do not have a contingency plan to respond to incidents, or are of the view that the plan they have do not work.
  3. 46% of companies are using an additional tool -- insurance -- to protect the organization from theft or misuse of assets such as sensitive data or customer records.

-ends-

NOTE:

About 2011 Global State of Information Security Survey

The 2011 Global State of Information Security Survey® is a worldwide security survey by PricewaterhouseCoopers, CIO and CSO magazines. It was conducted online from February 19, 2010 to March 4, 2010. Readers of CIO and CSO magazines and clients of PricewaterhouseCoopers from around the globe were invited via email to take the survey.

The results discussed in this report are based on the responses of more than 12,840 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security from 135 countries. 37% of respondents were from Asia (0.4% from Singapore), 30% from Europe, 17% from North America, 14% from South America, and 2% from the Middle East and South Africa. The margin of error is less than 1%.

Please reference the study as ―The 2011 Global State of Information Security Study®, a worldwide study by CIO, CSO and PricewaterhouseCoopers.‖ Source line must include CIO magazine, CSO magazine and PricewaterhouseCoopers. Survey results will be covered in depth in the October 15th issue of CIO magazine and the October issue of CSO magazine. The coverage will be available online at www.cio.com and www.csoonline.com.

Data Extracted from 2011 Global State of Information Security Survey

 

Not all factors shown. Does not add up to 100%. Respondents were allowed to indicate multiple factors.
Source: 2011 Global State of Information Security Survey®

About CIO and CSO Magazines

CIO and CSO magazines are published by IDG Enterprise, producer of award-winning media properties, executive programs and the CIO Executive Council for corporate officers who use technology and security to thrive and prosper in this new era of business. The CIO portfolio includes CIO.com, CIO magazine (launched in 1987), CIO Executive Programs and the CIO Executive Council. CIO properties provide business technology leaders with analysis and insight on information technology trends and a keen understanding of IT’s role in achieving business goals. The U.S. edition of the magazine and website are recipients of more than 200 awards to date, including the Top B-to-B magazine since 2000 from American Society of Business Publication Editors, two Grand Neals from the Jesse H. Neal National Business Journalism Awards and two Magazine of the Year awards from the National Society of Business Publication Editors.

Launched in 2002 the CSO portfolio includes CSOonline.com, CSO magazine and CSO Executive Programs. The properties provide chief security officers (CSOs) in the public and private sectors with analysis and insight on security trends and a keen understanding of how to develop and implement successful strategies to secure all business assets—from people to information and financial value to physical infrastructure. The U.S. edition of the magazine and website are the recipients of more than 100 awards to date, including the Top B-to-B magazine since 2000 and Magazine of the Year award from the American Society of Business Publication Editors as well as the Grand Neal from the Jesse H. Neal National Business Journalism Awards. IDG Enterprise is a subsidiary of International Data Group (IDG).

About PwC - Globally

PwC firms provide industry-focused assurance, tax and advisory services to enhance value for their clients. More than 161,000 people in 154 countries in firms across the PwC network share their thinking, experience and solutions to develop fresh perspectives and practical advice. See www.pwc.com for more information.

"PwC" is the brand under which member firms of PricewaterhouseCoopers International Limited (PwCIL) operate and provide services. Together, these firms form the PwC network. Each firm in the network is a separate legal entity and does not act as agent of PwCIL or any other member firm. PwCIL does not provide any services to clients. PwCIL is not responsible or liable for the acts or omissions of any of its member firms nor can it control the exercise of their professional judgment or bind them in any way.

About PwC - China, Hong Kong, Singapore and Taiwan

PwC China, Hong Kong, Singapore and Taiwan work together on a collaborative basis, subject to local applicable laws. Collectively, we have more than 580 partners and a strength of 14,000 people.

Providing organisations with the advice they need, wherever they may be located, our highly qualified, experienced professionals listen to different points of view to help organisations solve their business issues and identify and maximise the opportunities they seek. Our industry specialisation allows us to help co-create solutions with our clients for their sector of interest.

We are located in these cities: Beijing, Hong Kong, Shanghai, Singapore, Taipei, Chongqing, Chungli, Dalian, Guangzhou, Hsinchu, Kaohsiung, Macau, Ningbo, Qingdao, Shenzhen, Suzhou, Taichung, Tainan, Tianjin, Xiamen and Xi'an.

China www.pwccn.com
Hong Kong www.pwchk.com
Singapore www.pwc.com/sg
Taiwan www.pwc.com/tw

For media inquiries, please contact:

Suzanne Tan (Direct Line: +65 6236 4074, e-mail: suzanne.jy.tan@sg.pwc.com)
Daniel Tan (Direct Line: +65 6236 3970, e-mail: daniel.el.tan@sg.pwc.com)