49 percent

149 percent

49 percent of decision makers felt that economic conditions were the most important drivers of information security spending in 2010, compared with 39 percent in 2009.

243 percent

43 percent of organizations justify their security spend based on legal and regulatory requirements, down from 58 percent in 2007.

341 percent

Client and user requirements are now justifying security spend for 41 percent of organizations, up from just 34 percent in 2007.

452 percent

52 percent of organizations say they’ve had to assume greater risks from business partners who have been unable to secure their weak practices due to economic conditions.

550 percent

Similarly, 50 percent of organizations say weak supplier security has become a concern due to economic factors.

671 percent

As organizations have had to make tough security spending decisions, 71 percent say their focus has been turned primarily to data protection strategies and 69 percent are concentrating on prioritizing investments based on risks.

747 percent

47 percent of organizations have had to reduce security budgets for capital expenditures and 46 percent for operational expenses in 2010.

825 percent

However, only 25 percent have had to make more than 10 percent budget cuts in capital expenditures and 24 percent have had to cut more than 10 percent in operational expenses.

9Security Budgets

And more than half of respondents say their security budgets are expected to increase within the next 12 months.

1023 percent

Visibility into security breaches and events has increased dramatically in the last few years. This year only 23 percent of respondents said they didn’t know how many security incidents they experienced, compared to a whopping 40 percent in 2007.

11Who does the CSO Report To:

23 percent to the CIO32 percent to the Board36 percent to the CEO


Must Read