The bad news: More than 76,000 security incidents were reported in the first six months of this year (only six thousand less than the reported incidents in all of 2002); fewer businesses rank security as high a priority as last year; and fewer plan to increase their spending.
The good news: Many companies think they've already invested in the fundamental security infrastructure they need; security tools have become more plentiful and more effective; and companies have more information and ways to fix vulnerabilities.
The gap: The threats are getting worse each day. The attacks are becoming "blended" and take advantage of multiple software vulnerabilities to wreak havoc on a system. So why then aren't companies making security a higher priority and investing more in protecting critical data, networks, and systems?
After poring through the data from the 2003 InformationWeek Research U.S. Information Security Survey and interviewing dozens of companies, George V. Hulme, senior editor, says he's surprised at how many companies still consider it a "grudge spend"—a necessary evil with little demonstrable value day to day.
In my early years at InformationWeek, more than a decade ago, there were many companies that felt that way about IT. They got squeamish about publicizing how much they spent on IT because that was a pricey capital expense designed to get something done. Fast forward to today, however, and the value of IT is phenomenal—businesses can't innovate without it, processes can't improve without it, and productivity can't increase without it. So, I'm hopeful that there will be a time when more business–technology executives feel the same way about security.
Stay tuned. In September, we'll bring you the results of our Global Information Security Survey.
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.