Big Companies in Security Crosshairs

Here’s a silver lining: This year’s rash of well-publicized, large-scale data thefts may have made life easier for corporate information security managers.

In 2006, major data security snafus have been splashed across the front pages of the nation’s newspapers. Among the most notable was the Veterans Administration’s loss of a laptop with private info on more than 26.5 million service members and dependents.

With such dangers front and center, it’s easier to persuade company managers that information security is absolutely mission-critical, says Russell Walker, vice president of information security at film and TV producer Warner Bros. Entertainment in Burbank, Calif.

“Five or six years ago, we were like salmon swimming upstream in trying to change behavior”—that is, to get employees and partners to strictly follow security policies and practices, Walker says. “Now, we’re like salmon swimming upstream half the time. Management is now looking at security issues and seeing the business risk.”

That sharpened focus appears to be translating into a greater allocation of I.T. dollars for security at big companies next year, according to a survey on security trends conducted by Baseline’s sister publication, CIO Insight. Results of the survey of 265 information-technology professionals originally appeared in CIO Insight’s September issue. For this article, however, CIO Insight broke out the results for large companies—those with more than $500 million in revenue—shedding new light on security issues at the biggest enterprises.

Among the new findings: 47% of the big organizations polled said they’d had a security breach in the last 12 months, whereas just 23% of companies with less than $500 million in revenue reported a breach.

And 54% of those at large companies said their CIOs will ask for more security money. That group already spends an average of 6.5% of its total I.T. budget on security.

At smaller firms, 48% say they’ll increase security spending; average spending for these respondents is 6.1% of the total I.T. budget. Overall, just 5% of respondents say they expect to spend less on security.