A global survey that was conducted at the height of the financial crisis in 2009 has revealed that companies in the Philippines and around the world are showing increasing concern about data protection and management of information security.

According to the Ernst & Young 2009 Global Information Security Survey, 62 percent of survey respondents said improving security is top priority for next year, and 40 percent said they will increase investments in security.

Gerry Chng, Ernst & Young Far East Area information security champion, presented the results of the survey in a local executive briefing organized by SGV & Co., a member firm of Ernst & Young.

Chng said there is pressure to drive cost down and get more from existing investments, with organizations now taking a more holistic view of information security.

The approach now, he said, is “protecting information no matter where it resides” and no longer “keeping the bad guys out.”

IT Risk and Assurance (ITRA) partner Warren R. Bituin, who discussed the highlights of the responses of Philippine corporations in the survey, noted that companies in the country are aware of the growing importance of improving their information security systems.

Although only one respondent said it has implemented an information security management system and has been certified, 22 percent said they have implemented without certification, 29 percent said they are implementing, and 36 percent said they are considering implementing a management system.

More than 50 percent of companies in the Philippines also noted an increase in both external and internal attacks.

Based on the survey, 80 percent of respondents have implemented additional security tools to more efficiently manage information security.

Apart from budget and resource challenges, Philippine companies are also slow to outsource security functions except for attack and penetration testing, with 36 percent currently outsourcing security functions and 29 percent considering outsourcing.

System implementation challenges also exist -- 64 percent of respondents do not have an inventory and classification of information assets. Although most organizations have an information security awareness program, only 20 percent measure the effectiveness of the program.

The annual Ernst & Young 2009 Global Information Security Survey, now on its 12th year, specifically examines how organizations are addressing their information security needs.

Conducted in a span of two months from June to July 2009, the survey included nearly 1,900 senior executives across all major industries in more than 60 countries. Forty five of the respondents of the survey came from the Philippines.