Companies are less concerned about the technicalities of implementing security technology than with aligning their security policies and procedures with business objectives.
This was the main finding of Ernst & Young's 10th annual Global Information Security Survey, released to local media yesterday.
This year's survey focused on finding the right balance of risk and performance and polled more than 1 300 organisations in 50 countries.
The technologies that keep executives awake at night all centre around the removal or theft of data from corporate systems, with removable media topping the list of concerns.
Other issues include mobile computing in the form of PDAs and smart phones, Web applications, wireless networks and hard drive encryption.
However, technical issues are lower on companies' objectives than the more important challenge of aligning information security with the business.
The survey found that meeting business objectives is a growing focus for information security, which is now becoming integrated into companies' overall risk management projects.
However, security still tends to be isolated from executive management and the strategic decision-making process.
Ernst & Young counsels companies to leverage business relationships regardless of reporting lines and to involve information security early on in the decision-making process.
The survey finds that there are a number of trends driving information security, the most important being a need for compliance.
In addition, there is more awareness around the issues of privacy and data protection, which is also driving a move towards better security. It is also emerging that improved security can contribute to improving IT and operational efficiency.
When it comes to managing their information security, companies are demanding that vendors and business partners. They are also relying more on audits and self-assessments to evaluate the effectiveness of their security programmes.
The biggest challenge to maintaining effective information security, however, lies with staffing, the survey found. Experienced and trained resources continue to be scarce, which affects companies' ability to deliver on information security projects.