Asia-Pacific companies long on IT security funding but short on vision: PwC

Funding for IT security programs is more available to Asia-Pacific organisations but deficiencies in security process and procedure are far more of an obstacle to IT security initiatives across the region than they are in the rest of the world, a recent survey of corporate IT security postures has found.

When asked to name the greatest obstacles to improving the effectiveness of their organisation's information security function, Asia-Pacific respondents to the PwC Global State of Information Security Survey 2014 consistently said their leadership was one of the biggest obstacles.

Fully 25.1 per cent named business executives – the CEO, president, board or equivalent – as a hindrance, while CIOs were named as the roadblock by 18.3 per cent of respondents and CISO, CSO or equivalent in 19.2 per cent of cases.

These results were consistently higher than those for the whole world, where CEOs (22.9 per cent), CIOs (16.2 per cent) and CISOs (17.5 per cent) were still named as obstacles but less frequently.

The report found even stronger variations in terms of vision and strategy – areas that should ideally be jointly set by the business and IT executives – with 28.5 per cent of Asia-Pacific respondents saying the lack of an effective information security strategy was holding back the organisation's effectiveness.

The figure for the whole world was just 22.2 per cent.

The most commonly named obstacle was the lack of an actionable vision or understanding of how future business needs impact information security, which was named by 29.7 per cent of Asia-Pacific respondents but just 23.5 per cent of global respondents.

That represents a significant variance that suggests Asia-Pacific companies are still well behind world benchmarks when it comes to elucidating corporate strategy and the role of IT security within that strategy.

Interestingly, the same survey found a significantly higher proportion (69.3 per cent) of Asia-Pacific companies have a senior executive who “proactively communicates the importance of information security to the entire organisation”. Globally, that figure was just 59.2 per cent.

This difference may suggest that while many companies have executive champions for IT security, their advocacy is failing to translate into influence on other policy-makers at the senior-executive level.

However, the figures were reversed when financial issues were considered: Asia-Pacific companies were less likely than their global peers to blame funding shortfalls for the lack of information-security improvements.

Just 21.7 per cent of Asia-Pacific companies cited a lack of capital expenditure – compared with 24.1 per cent worldwide – while 15.5 per cent of Asia-Pacific companies blamed a lack of operating expenditures, compared with 19.3 per cent worldwide.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

Tags PwC Global State of Information Security Survey 2014]security

More about CSOPricewaterhouseCoopers

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts