49 percent of decision makers felt that economic conditions were the most important drivers of information security spending in 2010, compared with 39 percent in 2009.
43 percent of organizations justify their security spend based on legal and regulatory requirements, down from 58 percent in 2007.
Client and user requirements are now justifying security spend for 41 percent of organizations, up from just 34 percent in 2007.
52 percent of organizations say they’ve had to assume greater risks from business partners who have been unable to secure their weak practices due to economic conditions.
Similarly, 50 percent of organizations say weak supplier security has become a concern due to economic factors.
As organizations have had to make tough security spending decisions, 71 percent say their focus has been turned primarily to data protection strategies and 69 percent are concentrating on prioritizing investments based on risks.
47 percent of organizations have had to reduce security budgets for capital expenditures and 46 percent for operational expenses in 2010.
However, only 25 percent have had to make more than 10 percent budget cuts in capital expenditures and 24 percent have had to cut more than 10 percent in operational expenses.
And more than half of respondents say their security budgets are expected to increase within the next 12 months.
Visibility into security breaches and events has increased dramatically in the last few years. This year only 23 percent of respondents said they didn’t know how many security incidents they experienced, compared to a whopping 40 percent in 2007.
23 percent to the CIO32 percent to the Board36 percent to the CEO