Chinese organizations are only just starting to break through the early stages of information security, despite the country's intensifying participation in the global economy.

InformationWeek's Global Information Security survey illustrates their high level of risk exposure. It also suggests that Chinese organizations, given the level of attacks on their systems, may not have the luxury of plodding through the usual "evolutionary process" of developing IT security.

China's experience is different from that of U.S. companies 15 years ago. The demands of the global economy compel China to rapidly adapt to advanced international standards. Fortunately, Chinese organizations are accelerating their pace of security development in an effort to be seen on the international stage as secure and in control.

For instance, the average percentage of IT budget spent on information security in China is 19%, compared with 12% in the United States. That's an astonishing figure.

The survey responses of both U.S. and Chinese companies reinforce what Accenture clients are saying. They're asking for advice in assessing IT security risk, reducing security complexity, and measuring security's value, factors that support the business case for security spending.

Within those three areas, China's focus appears to be largely on basic infrastructure. This isn't surprising, as organizations must start somewhere. China has the benefit of learning from the experiences of U.S. companies as they advance into the areas of security automation and simplification. As the United States recognizes the need for more limber IT systems to handle fast-changing processes and opportunities, China is adapting as well.

Our survey underscores that many Chinese companies are already beginning to learn the lessons others have learned elsewhere. In earlier years, security tended to be a bolt-on afterthought. A bank decided to add a customer service, for instance, and only after establishing the new service did it figure out how to secure it. Chinese companies now say, "We need a new service, and as part of that service, what will be the security experience?" The security is being designed up front.

China is at the stage of acquiring point solutions for security. Eventually, the sheer volume of such fixes makes them impossible to manage. If Chinese organizations properly assess risk and institute strategic security measures rather than continue with a patchwork approach to vulnerabilities, they may be able to leapfrog the evolutionary process. High-performance security is particularly critical in adopting cutting-edge technologies such as wireless applications and service-oriented architectures.

As organizations move beyond fragmented, piecemeal approaches, they can embed security into business processes, thereby providing better integration, automation of manual processes, and improved management and monitoring capabilities. Chinese organizations realize that to enjoy the fruits of such high-performance security and become truly international, they'll have to intensify their adoption of international security standards.

Illustration ©2007 Brian Stauffer c/o theispot.com

Return to the story:
IT Security: The Data Theft Time Bomb

View charts:
IT Security: Still A Daunting Task

Buy the report:
2007 InformationWeek/Accenture Global Information Security Survey