For many years, information technology–and, by extension, information security–was among the most likely cost centers to encounter cutbacks in funding when companies fell upon difficult economic times.
One reason–a lingering one, unfortunately–is that business leaders responsible for controlling the purse strings have not always found it easy to link multi-year investments in security with concrete, tangible, strategy-aligned business outcomes.
A second reason, among many others, is that it is often tempting for corporate decision-makers–executives under pressure to spread less funding across the same number of priorities–to find false comfort in applying cutbacks equally and indiscriminately across functions and business units until economic strength returns.
So it stands to reason–in the middle of the most significant economic downturn in decades–that the information security function might well be subject to the same waves of layoffs, project cancellations, and budget cuts that are affecting nearly every other corporate function and many different cost centers in companies, industries, and regions across the world.
We think, however, you will be intrigued by the results of our 2010 Global state of information security survey.
Two findings, in particular, stand out. On the one hand, there is compelling evidence that, in some respects, the security function appears to be under protection–as if the efforts of technology and security executives to align security more closely with the business are, in fact, beginning to show results.
On the other hand, the economic downturn has clearly raised the bar on security. In addition to helping the business mitigate risks associated with factors such as globalization, outsourcing and third-party compliance with company policies, the information security function is now also charged with new challenges– challenges--and for some companies, they are more urgent than ever before. The function and its leaders, for example, are now also tasked with helping the company address an acute set of crisis-related risks and opportunities such as those associated with new business models, M&A transactions, successive waves of layoffs, cost-cutting drives in other parts of the enterprise, and major shifts in a key competitor’s strategy.
What are the implications of these trends on how your business is addressing the challenges of the economic downturn? What expectations should you be placing on your information security function at this time? Which areas of focus offer the best opportunities for security to provide concrete business value–not just over the long run but right now, during an unusual economic period?
PricewaterhouseCoopers is in its eleventh year of conducting the online Global state of information security survey, the past seven with CXO Media, publisher of CSO and CIO magazines. Our goal is to understand how executives and industry leaders view current and future challenges facing the information security industry. More than 7,200 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security from 130 countries contributed information to this year's study. We are leveraging Global Best Practices®, to use the results of the survey to help other organizations, such as yours benchmark their current performance and capabilities against peer companies. This will enable you to understand the latest trends that your peers are facing as well as the safeguards that other organizations have implemented to address emerging threats proactively.
By submitting the survey questionnaire, you will receive a customized benchmark report comparing your company’s information security posture to the responses of more than 7,200 participants in the 2010 Global state of information security survey.
The objective of this information security benchmarking assessment is to:
Compare your organization’s security posture to peer organizations from similar industries, size, or geographic region
Help you identify trends among peer organizations on the state of information security
Identify areas of potential investments to improve operational effectiveness and reduce risk.
Each organization has a different level of risk tolerance, security maturity, and priorities for security investments. This benchmark study provides insight into the security concerns and posture of the global community, as well as a smaller subset of companies based on industry, size, or geography.
The results will provide you with valuable insight into your company’s information security practices and areas of focus, which you can subsequently compare with those of your peers. To enable this feedback process, we collect participants’ data centrally and securely. All individual names and data will be completely confidential. We may use the summary data to identify high-level trends for publication.
Who should participate
Specifically, we seek participation from C-level executives and information security leaders who:
Oversee information security related functions within the organization
Actively seek to harmonize and integrate people, process and technology to reduce risk
Want to know how they rank against their industry peers
A PricewaterhouseCoopers practitioner will assist you with any questions that may arise when completing the security questionnaire.
This benchmarking study is coordinated through PricewaterhouseCoopers' Global Best Practices.
See who has participated...
Preview the benchmarking group profile. See the profile of participants in the 2010 Global state of information security survey.
- 2010 Global state of information security profile (pdf, 15 KB)
- 2010 Global state of information security profile (xls, 51 KB)
Sample report: 2010 Global state of information security survey
- 2010 Global state of information security survey sample report (pdf, 69 KB)
- 2010 Global state of information security survey sample report (xls, 421 KB)
Today, in the middle of the worst economic downturn in thirty years, information security has an enormously important role to play.
What are the implications of these trends on how your business is addressing the challenges of the economic downturn? What expectations should you be placing on your information security function at this time? Which areas of focus offer the best opportunities for security to provide concrete business value—not just over the long run but right now, during an unusual economic period?
Download: Trial by fire - What global executives expect of information security—in the middle of the world’s worst economic downturn in thirty years.