Recession fails to dent security spending

Ernst & Young survey predicts investments to remain strong

Companies are urged to make the most of their investments in security

The economic downturn is unlikely to affect investment in information security, according to the 2008 Global Information Security Survey by consultancy Ernst & Young released today.

The report predicted that, while IT is traditionally one of the first functions to see budget cuts, this is not the case with information security.

Only five per cent of respondents intend to reduce annual IT security spending, while 50 per cent plan to increase investment in this area as a percentage of total expenditure.

However, to make the most of their investments in security, companies are advised to establish a clear information security strategy and an integrated risk management approach.

""The economic climate has been challenging for a number of months, so it was a pleasant surprise that security seems to be important enough," said Sheila Upton, director of technology and security risk services at Ernst & Young.

"We'd certainly caution people in times of economic uncertainty that there is usually an increase in crime – so it's not the time to be cutting security."

The survey also revealed that international industry standards like ISO 17799 are gaining greater acceptance, but that a worrying third of firms do not perform any security assessment of the third parties with which they share information.

Ernst & Young found that brand and reputation protection returned to the top of the priority list for chief security officers, 85 per cent of whom said that damage to brand is the most significant consequence of a data breach.