Mainland firms lead in plans to spend on information security
Unfazed by the economic crisis, mainland enterprises plan to boost spending or least maintain their investments in key information security technologies, according to a global survey by PricewaterhouseCoopers.
The study, which interviewed more than 7,200 senior company executives in 130 countries, found that more than eight out of 10 respondents on the mainland said they expected their information security spending to either increase or stay the same over the next 12 months.
'It was a higher score than nearly every other country in the world,' said Kenneth Wong, the lead partner at professional services firm PwC's security advisory practice in Greater China.
'Information security is a priority for Chinese organisations, which appear to be less impacted by the economic downturn,' Wong said yesterday.
North America and the rest of Asia scored 60 per cent and 73 per cent, respectively.
'The increased risk environment has visibly elevated the role and importance of the information security function to the entire business organisation,' said William Gee, a partner at PwC China's risk and controls solutions practice.
Market research firm Gartner said the mainland was the fastest-growing market for information security software, hardware and services last year in the Asia-Pacific. Demand on the mainland grew 39.4 per cent year on year, compared with 28.3 per cent for the whole region.
Wong said the security initiatives during the Beijing Olympic Games had a big role in fostering information security development programmes in many mainland firms.
Beijing-based CCID Consulting estimated more than US$300 million was spent on security infrastructure projects for the Games, including entry and exit management control and network security systems. With more companies modernising their information technology systems, the domestic security market could be worth more than 140 billion yuan (HK$159 billion) next year, according to CCID.
However, Wong noted that many mainland businesses had been less sophisticated in terms of building organisation-wide security management systems compared with their counterparts in mature markets such as the United States.
'This involves having a proper data inventory, dedicated information security resources, up-to-date access controls, and security standards and procedures for high-risk areas like wireless networks,' he said.
He added that mainland companies should also sharpen their focus on employee security-awareness programmes and business-continuity/disaster-recovery plans.
Arun Chandrasekaran, an Asia-Pacific network security market expert at Frost & Sullivan, said companies in emerging markets, despite pressure to control capital expenditure, recognised 'the risks of not implementing adequate information technology security far outweigh the cost of investing in it'.