A new global survey on IT security from PricewaterhouseCoopers shows that fewer companies are doing IT security audits in the face of economic uncertainty and budget constraints.
The study, released on September 20, is an exhaustive review of IT security practices among 9,300 CIOs, CEOs and IT managers.
As reported by Joel Schectman in the Wall Street Journal’s CIO Journal, just 16% of respondents to the PWC survey said their firms conducted an inventory of different kinds of company data in 2012, down from 22% in 2011.
That inventory—which can include an estimate of how much money the company would lose if the data were lost or stolen—is an important aspect of IT security, said Mark Lobel, the lead contributor of the study and principal at PwC. The London-based firm receives fees for security consulting.
“You need to have an accurate inventory of your key data elements. How can you protect your customer data if you don’t know what you have”
The survey also shows that companies were using fewer security safeguards than in the past, with 71% of respondents saying they were using adware and spyware detection tools in 2012, compared with 83% a year earlier.
The findings of this survey point to opportunities for security firms.
As Neil Sutton wrote in the most-recent edition of SP&T News, IT beat security firms to the punch by moving data systems onto networks years ago. Now, security firms face a critical choice when it comes to providing IT security services.
Today, for many security companies, it is either get with the program [and provide those IT security services] or watch an IT integrator with years and years of experience do it for you.
So, in light of declining corporate IT security budgets and potentially increased overall hacker risks, security companies can step into the proverbial breach by providing their IT expertise where the demand is still high if the supply is not.