Those were some of the conclusions in a study of 138 security executives done by IBM and its Center for Applied Insights which also found that rather than just reactively responding to security incidents, the Chief Information Security Executives (CISOs) role is shifting more toward intelligent and holistic risk management -- from firefighting to anticipating and mitigating fires before they start.
[ Also on InfoWorld: Though you may be putting up your best defenses, Roger A. Grimes points out the 5 big security mistakes you're probably making. | Stay up to date on the latest security developments with InfoWorld's Security Adviser blog and Security Central newsletter. ]
IN THE NEWS: The SpaceX blast into history
"Overall, all security leaders today are under intense pressure, charged with protecting some of their firm's most valuable assets -- money, customer data, intellectual property, and brand. Nearly two-thirds of CISOs surveyed say their senior executives are paying more attention to security today than they were two years ago, with a series of high-profile hacking and data breaches convincing them of the key role that security has to play in the modern enterprise. More than half of respondents cited mobile security as a primary technology concern over the next two years," the study found.
"Nearly two-thirds of respondents expect information security spend to increase over the next two years and of those, 87 percent expect double-digit increases," IBM said.
Some other interesting findings from the "Finding a strategic voice: Insights from the 2012 IBM Chief Information Security Officer Assessment" report:
• Nearly two-thirds of security leaders say their senior executives are paying more attention to security today than they were two years ago, due in large part to media attention. One of the chief attributes of a leading organization is having the attention of business leaders and their boards. Security is not an ad hoc topic, but rather a regular part of business discussions and, increasingly, the culture. In fact, 60 percent of the advanced organizations named security as a regular boardroom topic, compared to only 22 percent of the least advanced organizations, IBM said.