"And based on the results of our study, the industry is not yet prepared to meet the risk management challenges as we head into a period of massive opportunity to maximize the value of data and the promise of new automation. This may be because the industry is behind in implementing important foundational technologies, such as identity and access management solutions, or reluctance to adequately fund the security functions. Bottom line: the industry needs to act aggressively to catch up," Junaideen added.
Despite more than 50 percent of respondents across sectors reporting their information security budgets increased, the majority of increases were in the low range of 1 to 15 percent. Moreover, respondents confirmed that information security budgets are not separate from the IT budget, and most IT budgets dedicated just 1 to 3 percent to information security.
"The problem with folding information security into the overall IT budget," said Junaideen, "is that security often falls to the bottom of the funding list. Priority is given to projects and infrastructure that are perceived as being more important to the business or contributing to revenue generation."
In examining areas such as governance, and in particular the information security function and the role of the Chief Information Security Officer (CISO), respondents revealed a glaring weakness. While the majority of respondents across all regions indicated they indeed have a CISO and this role is taking on greater significance with respect to planning, governance, administration, architecture and IT risk management, 43 percent of respondents do not have a CISO.
"This is a disturbing statistic," said Junaideen, "especially since a strong
Copyright © 2009 PR Newswire. All rights reserved.