Regulatory Compliance Drives Security Investments
Interestingly, maintaining customer confidence (15%) and risk of financial loss (8%) rank lower than regulatory demands on the list of investment priorities for these security executives.
On average, the security professionals polled have an annual security budget of $16.6 million. Over the past nine months, this number has remained consistent with previous survey findings. Budgets include both IT security and corporate/physical security.
Despite indicating that the theft of intellectual property or proprietary information is not a key driver for investing in security, CSOs find it to be a major area of concern.
Fifty-six percent (56%) of CSOs believe managing access to critical documents and corporate information within their organizations is important, yet 27% said it is they will implement an enterprise-wide solution to mitigate the risk. Fifteen percent (15%) of respondents report a loss or unauthorized duplication of critical documents or corporate information in the past 12 months, while 24% were unsure.
CSOs also report taking great measures to safeguard the critical data in their networks. For example, when employees leave their organizations, most CSOs (74%) report they block access to the network and all of its critical documents and proprietary information within the same business day; 39% do so within one hour or less.
Similarly, 81% block physical access to the organization within the same business day, with 47% locking the doors within one hour or less.
Other questions and top five results:
Who, outside your security department, has the greatest influence over security investment in your organization?
Please estimate your organization's total annual IT budget in 2004.
How confident are you that your organization's information security activities are effective?
How confident are you in the ability of your organization to continue operating despite an electronic or physical event or disaster?
When disposing of IT assets does your organization do anything to ensure that critical information is removed from these?
When disposing of IT assets like those mentioned above, does your organization do anything to ensure that computer waste is handled and disposed of properly, that is, according to environmental regulations?
For which of the following types of incidents does your organization have contingency plans in place?
CSO magazine conducted this online survey between April 27, 2004 and May 18, 2004 among 476 chief security officers and other security executives who subscribe to CSO magazine. An email invitation containing a link to the survey was sent to 20,000 CSO subscribers, receiving 476 completed surveys. Respondents have average company revenues of $7.0 billion, average security budgets of $16.6 million and an average number of employees of 20,030. Results have a 4.5% margin of error.
This article was compiled and edited by CIO Update staff. Please direct any questions regarding its content to Allen Bernard, Managing Editor.