For 2012, 37% of information security professionals say their business plans to increase its security spending, while only 16% expect their security spending to decrease. The top drivers for spending increases are to address compliance, mobile devices, and data loss prevention.

Those findings come from a study released Tuesday by market researcher TheInfoPro, which is part of the 451 Group. The study is based on a survey of about 150 IT professionals, and found that the projected 2012 security spending increases are on par with 2011 spending. This year, 39% of businesses increased their spending from 2010, while only 15% decreased spending.

"Information security spending is very solid in 2011, and looks to remain that way for 2012. It is not difficult to see why," said Daniel Kennedy, research director for information security at TheInfoPro. In particular, he cited the continuing prevalence of data breaches, the need to secure virtualization and cloud environments, as well as the bring-your-own-device movement, with its incumbent requirement that enterprise IT departments effectively secure employee-owned devices.

[Information security is a concern for businesses of all sizes. Check out 4 Security Issues SMBs Should Watch In 2012.]

Spending-wise in 2011, respondents said that they had most increased their spending on products from intrusion detection system (IDS) vendor Sourcefire, as well as McAfee.

Kennedy said that as part of the survey, he also asked respondents to name the current "most exciting security products and services." He said the top pick was Palo Alto (mentioned by 20% of respondents), followed by threat detection vendor FireEye (10%). From there, more tenured players reigned, including EMC, Symantec, Intel's McAfee, Juniper Networks, Check Point, and Trend Micro, though cloud identity management service Ping Identity and two-factor authentication service PhoneFactor also made the top 10 list.

In terms of must-have technology, one quite popular area of planned 2012 investment is in application-aware firewalls. In particular, 28% of businesses that plan to adopt them saying they'll use technology from either Palo Alto or Check Point.

For the venerable antivirus and antispam front, the study found that the historical market leaders largely continue to reign, with the market being controlled by Symantec (39%), McAfee (34%), Trend Micro (15%), Sophos (5%), and Microsoft (2%).

Kennedy said the study also found that data loss prevention (DLP) technologies have become more popular. Overall, 23% of businesses said they're using network-based DLP, and 20% plan to implement it in the next 18 months. The majority of companies purchase network-based DLP from Symantec, followed by Cisco, McAfee, EMC, Websense, and Proofpoint.

Meanwhile, 21% of firms are using DLP software on their endpoints, and 27% plan to implement such technology within the next 18 months. Buyers are primarily deferring to their existing endpoint security vendor to get endpoint DLP. In particular, most respondents use Symantec, McAfee Sophos, Websense or EMC.

Security professionals often view compliance as a burden, but it doesn't have to be that way. In this report, we show the security team how to partner with the compliance pros. Download the report here. (Free registration required.)