PwC announce their latest security survey results.
Apparently readers of CIO and CISO magazines were interviewed. The names of the publications is not disclosed. PwC do say that the general mood among executives is positive, but with no data to support it.
PwC say that the organisation’s criteria to be “security leader” is:
- Have an overall information security strategy
- Employ a CISO who reports to the “top of the house” (CEO; CFO; COO)
- Have measured and reviewed the effectiveness of their security measures within the past year
- Understand exactly what type of security events have occurred in the past year
The key findings are:
- Good self-assessments continue this year; organizations exhibit the attributes of information security leaders
- Most respondents believe their organizations have instilled effective information security behaviors into organizational culture.
- Information security activities are effective
- Budget growth has slowed, but money is flowing again for security projects
- Reported security incidents have increased marginally, financial losses due
- to security breaches have decreased significantly
- The economic environment ranks first among the multiple factors shaping security budgets, with information security concerns lying far down the list
- There has been a long-term decline in the use of some basic information security
- detection technologies.
- Organizations are pruning their rulebooks, with some once-familiar elements
- of information security policies becoming less common.
- Safeguarding information is easier when you know where that information is. But
- organizations are keeping looser tabs on their data now than they did in
- years past.
- As mobile devices, social media, and the cloud become commonplace both inside the enterprise and out, technology adoption is moving faster than security.
- A focus on business success should inform all aspects of the organization’s activities; security strategies and security spending are aligned with business goals.
- An effective coach is key to a winning team. Security leaders lack adequate access to the executive suite.
- People who don’t know how to do things rarely do them well, which makes the lack of staff and resources available for security training a significant problem.
- Years of investment pay off as Asia leads the world in security practices and performance.
- Security budgets are almost flat in North America, but certain strategies show gains.
- As spending stalls in Europe and safeguards weaken, some security practices are improving.
- South America plays catch-up on security investments and emerges as a leader in some important categories.
While you are at it, don’t forget Verizon’s data breach report
Who says that it’s the outsiders we should not trust.