The bad news: More than 76,000 security incidents were reported in the first six months of this year (only six thousand less than the reported incidents in all of 2002); fewer businesses rank security as high a priority as last year; and fewer plan to increase their spending.
The good news: Many companies think they've already invested in the fundamental security infrastructure they need; security tools have become more plentiful and more effective; and companies have more information and ways to fix vulnerabilities.
The gap: The threats are getting worse each day. The attacks are becoming "blended" and take advantage of multiple software vulnerabilities to wreak havoc on a system. So why then aren't companies making security a higher priority and investing more in protecting critical data, networks, and systems?
After poring through the data from the 2003 InformationWeek Research U.S. Information Security Survey and interviewing dozens of companies, George V. Hulme, senior editor, says he's surprised at how many companies still consider it a "grudge spend"—a necessary evil with little demonstrable value day to day.
In my early years at InformationWeek, more than a decade ago, there were many companies that felt that way about IT. They got squeamish about publicizing how much they spent on IT because that was a pricey capital expense designed to get something done. Fast forward to today, however, and the value of IT is phenomenal—businesses can't innovate without it, processes can't improve without it, and productivity can't increase without it. So, I'm hopeful that there will be a time when more business–technology executives feel the same way about security.
Stay tuned. In September, we'll bring you the results of our Global Information Security Survey.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.