The responsibilities and role of security executives are changing as more emphasis is placed on non-technical skills that support the management of a broader set of business risks.

Questioning 100 security chiefs at its annual Security Forum EMEA event, IT advisory group Forrester Research found that many felt their position was evolving as it became more focused on overall risk management and less on technical aspects.

However, despite the new breadth of security challenges landing on the chief security officer’s desk, IT security budgets are yet to reflect this. One third of respondents said that their organisations spent less than 2% of their overall IT budget on security and another third said security spend was less than 5% of the budget.

Nonetheless, 55% said that they expected spending to rise in 2007.

The top security issue, according to respondents, is compliance, with an increasingly broad and strict set of regulations and standards placing a heavy burden on IT. Close behind are the issues of disaster recovery and business continuity, and then concerns about information leaking out of the business.

To address such issues, IT security needs to raise its profile further. When ranking issues that may prove problematic over the next 12 months, respondents rated gaining internal visibility and influence as the biggest challenge, above getting sufficient budget.