Do chief information security officers (CISOs) in North America work harder than their security counterparts in Europe?
That's the conclusion Forrester Research has reached, saying North American security teams seem to have more responsibilities in terms of what they need to oversee and manage than their peers in the European Union, the research firms stated in its report, "Understand Security and Risk Budgeting for 2013."
The survey, conducted toward the end of 2012, indicated North American CISOs have less IT security budget to work with as well to do all of this, receiving 7.1% of the IT budget on average while European CISOs fared better at 8.1%. In spite of these circumstances, North American CISOs displayed a more optimistic view of what 2013 will bring in terms of overall spending and security projects than their European counterparts.
When 796 North American and 322 European IT security decision-makers at companies with 1,000 employees or more were asked about how they expected things to change in 2013, the answers indicated the CISOs in North America expected IT security spending to be higher than the previous year. Forrester points out this may be because Europe is in the grip of an economic downturn that could be impacting spending in 2013.
According to the survey, security spending is being directed at upgrades to existing on-premises systems as well as new technologies, more staffing, consultants and integrators and outsourcing options that included cloud and managed services of various types. Europeans are said to be focused more on data security, perhaps because of the impending EU Data Protection legislation, while in North America, the focus is more heavily on network analysis and visibility into targeted attacks from state-sponsored agents and organized cybercrime.
The Forrester report says the scope of the average CISO's responsibilities have increased gradually over the past three years.
"While one could argue this is a good thing, as it demonstrates the trust the organization has in the security function, it's also worth noting that old expectations do not go away," the report, written by Andrew Rose and Nick Hayes states. "Therefore, CISOs have had to address an increasingly long task list with only marginally more resources, which can have several negative repercussions."
Forrester's study says it appears evident that North American security teams have greater responsibilities in general than their European counterparts. They are responsible more of the time for third-party security, threat and vulnerability management, fraud management and identity and access management. The growing workload means CISOs in North America "have less time to mature their security organizations," and they "struggle to keep up with emerging technologies and threats" and may find it "difficult to address risk across the extended enterprise."
Sign up for CIO Asia eNewsletters.