The responsibilities and role of security executives are changing as more emphasis is placed on non-technical skills that support the management of a broader set of business risks.
Questioning 100 security chiefs at its annual Security Forum for EMEA conference, IT advisory group Forrester Research found that many felt their position was evolving as it became more focused on overall risk management and less on technical aspects.
However, despite the new breadth of security challenges landing on chief security officers’ desks, IT security budgets are yet to reflect this. Two-thirds of respondents said that their organisations spent less than 2% of their overall IT budget on security. Nonetheless, 55% said that they expected spending to rise in 2007.
The top security challenge for the respondents is compliance, with an increasingly broad and strict set of regulations and standards placing a heavy burden on IT. Close behind are the issues of disaster recovery and business continuity, and then concerns about information leaking out of the business.