Data Security Spending Set to Rise

Spending by regional companies on information security is likely to grow faster than other IT expenditures, according to a survey by management consultants PricewaterhouseCoopers (PwC).

About 67 per cent of information technology executives in Asia say they will increase spending on security, compared with a global average of 64 per cent in PwC's survey of 8,000 companies conducted this year. PwC said the growth in security spending will likely be at the expense of other IT items, as it forecasts the overall technology market will be flat for the year.

Worldwide technology spending, including on telecommunications, will grow by 5.4 per cent to US$2.38 trillion (HK$18.56 trillion) this year, according to research firm Gartner. However, global spending on business continuity and IT security solutions, at US$70 billion last year, is growing much faster, and will reach US$118 billion by 2007, according to International Data Corporation figures.

PwC's survey indicated respondents will spend between 11 per cent and 14 per cent of their overall IT budgets on security issues.

``Governance and compliance issues are driving the need for information security,'' partner Rick Heathcote said. ``In Hong Kong, we have observed that in order to comply with new laws and regulations such as Basel 2 [an international standard for capital requirements], personal data privacy laws and anti-money laundering obligations, companies are recognising the need for enhanced security and internal control.''

"In order to comply with new regulations, companies will employ IT systems that will support compliance initiatives, such as building new information systems,'' PwC information security senior manager John Lauderdale said. ``There are also regulations that have a more direct impact on the IT environment, such as the requirement to use encryption technologies.'' A PwC survey last year found that up to 70 per cent of all new IT projects in the United States were related to compliance requirements. Regulations could soon have a similar impact on firms in Hong Kong, though the effect will vary depending on their sizes. "Security management is now a key part of a company's risk management system,'' Lauderdale said. "Security management is 80 per cent management, and 20 per cent security.'' Companies must therefore adopt a centralised approach, instead of tackling it in a piecemeal fashion.

Compliance issues aside, Lauderdale said, firms can derive greater operational benefits from improved security. ``If companies can make their IT systems secure, they will be able introduce new business applications, integrate their systems with their business partners', as well as enable remote access for their staff, which would increase productivity.'' With greater use of electronic commerce, it is more important for firms to secure their systems. ``The challenge is in building systems that can be more easily secured -- this is what a centralised approach to security management will do,'' IBM Tivoli Asia-Pacific executive Con Yianakos said.