Worldwide Spend for IT Security Continues to Increase

Global Trends

– The survey reveals that North American and Asian security practices are no longer on par with one another, as was reported in last year’s survey. Asian respondents are far more likely than their North American colleagues to say that spending on security over the next year will either increase or stay the same (73% vs. 59%). South America also shows advances this year with 81% of respondents reporting they will increase spending or stay the same compared with 50% in Europe.

– The study reveals that information security is a priority for organizations in China. More than eight out of every 10 Chinese respondents expect information security spending to either increase or stay the same over the next 12 months. This is a higher score than nearly every other country in the world.

“As China muscles its way through the economic downturn, its security capabilities have stepped nimbly ahead of India’s in a dramatic shift from last year’s trend and, in the same one-year sweep, ahead of those in the U.S. and most of the world,” said Bob Bragdon, Publisher, CSO.

Looking Ahead

The survey results reveal that companies are placing high expectations on initiatives that take a strategic, risk-based approach. “This year, the message isn’t new or different. It’s just more urgent,” suggests Lobel. Organizations that want to “get it right” should be focusing on the following key issues:

Protecting data elements as a top priority – The number of respondents who say their organization has a data loss prevention (DLP) capability in place has leapt this year from 29% in 2008 to 44% in 2009.

Addressing the risks associated with social networking – Four out of every ten respondents report that their organization has security technologies that support Web 2.0 exchanges, such as social networks, blogs, and wikis.

Cloud computing is “on the table” – While IT virtualization is a growing priority, only one out of every two respondents believes that it improves information security.

“If 2010 proves to be a ‘trial by fire’, these strategies will be enormously valuable not just in limiting damages to assets and reputations and mitigating risks but also in positioning companies for the recovery period and stronger business performance in the years ahead.” said Lobel.


The Global State of Information Security 2010 is a worldwide security survey by PricewaterhouseCoopers, CIO magazine and CSO magazine. It was conducted online from April 22 to June 15, 2009. Readers of CIO and CSO magazines and clients of PricewaterhouseCoopers from around the globe were invited via email to take the survey. The results discussed in this report are based on the responses of more than 7,200 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security from 130 countries. Thirty-one% (31%) of respondents were from North America, 27% from Asia, 26% from Europe, 14% from South America, and 2% from the Middle East and South Africa. The margin of error is +/- 1%.