In the midst of one of the most significant economic downturns in decades, no company, department, or program has been spared. One would expect, then, that information security would be subject to similar cost-cutting measures. Surprisingly, though, a recent survey found that the security function is being spared. However, it is facing new challenges arising from the downturn.1
Tightening the purse strings on security is not on most chief information officers’ agendas; in fact, some organizations are investing more in information security. Of the senior executives surveyed, 63 percent expect information security spending either to increase or to stay the same. In fact, the economic downturn is one of the leading drivers of information security spending, ranking second after business continuity/ disaster recovery. Companies that are cutting back are doing so with restraint. The majority are reducing their spending by less than 10 percent or deferring initiatives by less than six months.
With increased investment, information security initiatives are under pressure to perform. Because of more employee layoffs and greater risks associated with suppliers and business partners, many executives believe that information security is more vulnerable than ever. Threats include a more complex regulatory environment and other cost reduction efforts that could affect security performance.
The bottom line: In times of uncertainty, information security cannot be ignored. And companies that invest in protecting their data will not only limit damage to their assets and their reputations but also emerge stronger and more resilient.