CIO and PwC have released the Global State of Information Security 2005.
“It’s clear from the data that respondents spend most of their time in reactive mode: responding to incidents, deploying firewalls, and dealing with everyday nuisances like spam and spyware. Ironically, the most common proactive step respondents take is to develop business continuity and disaster recovery plans. So even their proactive steps are investments in reactive measures.
Having said that, a few numbers did pop out that suggest that the foundation is being laid for a time when information security may become more strategic. This year more companies employed security executives and focused on integration between physical and information than in the two previous years…”
“…There’s a sudden and dramatic rise in companies monitoring their employees. The upsurge, part of a trend toward more surveillance both in public and in private, can be attributed to several factors.”
“Information security is getting more money, but exactly how much and from where isn’t always clear. It’s more evidence of a lack of strategic direction.”
Alex Eckelberry
(Thanks to beSpacific)