PwC recently released the 14th annual Global State of Information Security Survey, which shows some warning signs about the security capabilities of the 9,600 surveyed firms. While organizations have invested in capabilities for prevention and detection of data breaches and other Web-related security initiatives, the survey reveals a troubling degradation in core security-related capabilities, as the graph below indicates:
Graph: PwC 2012 Global State of Information Security Survey
The survey pays particular attention to the impact of the current economic climate, noting that during periods of economic downturn, cyber risks often increase, which goes against most companies' natural tendencies to limit spending. Right now, 42% of executives see themselves as "front runners" in their information security practices... but is this the reality?
The report indicates that there may be some areas, as shown above, where there are deficits in strategy and that executives may be overconfident about their preparedness. PwC filtered the data, labelling a company as a "front runner" only if it had a security strategy in place, its IT security reported to senior business leadership, it had reviewed its IT security policy in the past year, and, if it had suffered a breach, it understood the cause. Based on this, the share of "front runners" fell from 43% to 13%.
PwC has launched a fantastic interactive summary of the report, including the ability to filter through graphs of some of the key questions of the survey by geographic region and industry.