Stay the Same: 25%
Don't Know: 24%
Numbers may not add up to 100% due to rounding
Gius of Atmos Energy offered another possible explanation: Companies see a lot of chaos in the security market with an avalanche of mergers and acquisitions. One independent security vendor after another has merged with or been acquired by other companies. Examples include BT's acquisition of Counterpane and IBM's acquisition of Internet Security Systems. IT leaders are simply getting out of the way until the industry settles down.
Gius says Atmos Energy is handling most of its security in-house right now. "We pursued a number of open-source and lower-cost solutions to manage it ourselves," he says. "We invested in two people to help ensure we had the skills to manage that environment." But he'd like to outsource more if it makes sense financially. He notes that security is increasingly integrated into the platforms provided by the likes of Microsoft, Cisco and Oracle, as well as telecom providers like Comcast and Verizon. It makes sense to him to have those providers manage the security of their systems.
Beard, with SAIC, says that no matter what drives security spending decisions, companies should understand their specific security strategies and where managed security providers can offer unique value. Smart business executives understand that they must maintain control of the big picture at all times, even if a third party is managing many of the levers. Keeping an eye on security service providers and the risks they are encountering is essential. "CIOs and security officers may outsource certain functions to various degrees, but they should never outsource their responsibility," Beard advises.
Trend # 4
A New Corporate Commitment
CIOs may still struggle with the quality of their data security, but the response to this year's survey suggests their executive peers have agreed, finally, that security can't be ignored.
Companies' budget plans tell part of the story. Not only are more companies investing in security technologies, but overall security investments are largely intact, despite the economy.
Twelve percent of respondents expect their security spending to decline in the next 12 months. But 63 percent say their budgets will hold steady or increase (although fewer foresee increases than did last year).
For starters, more companies are hiring CSOs or chief information security officers (CISOs). Eighty-five percent of respondents said their companies now have a security executive, up from 56 percent last year and 43 percent in 2006. Just under one-third of security chiefs report to CIOs, 35 percent to CEOs and 28 percent to boards of directors.