49 percent
49 percent of decision makers felt that economic conditions were the most important drivers of information security spending in 2010, compared with 39 percent in 2009.
43 percent
43 percent of organizations justify their security spend based on legal and regulatory requirements, down from 58 percent in 2007.
41 percent
Client and user requirements are now justifying security spend for 41 percent of organizations, up from just 34 percent in 2007.
52 percent
52 percent of organizations say they’ve had to assume greater risks from business partners who have been unable to secure their weak practices due to economic conditions.
50 percent
Similarly, 50 percent of organizations say weak supplier security has become a concern due to economic factors.
71 percent
As organizations have had to make tough security spending decisions, 71 percent say their focus has been turned primarily to data protection strategies and 69 percent are concentrating on prioritizing investments based on risks.
47 percent
47 percent of organizations have had to reduce security budgets for capital expenditures and 46 percent for operational expenses in 2010.
25 percent
However, only 25 percent have had to make more than 10 percent budget cuts in capital expenditures and 24 percent have had to cut more than 10 percent in operational expenses.
Security Budgets
And more than half of respondents say their security budgets are expected to increase within the next 12 months.
23 percent
Visibility into security breaches and events has increased dramatically in the last few years. This year only 23 percent of respondents said they didn’t know how many security incidents they experienced, compared to a whopping 40 percent in 2007.
Who does the CSO Report To:
23 percent to the CIO32 percent to the Board36 percent to the CEO