The survey of more than 2 000 business technology and security professionals from eight countries uncovered ongoing concern about hackers, malicious coders, customer data breaches and identity theft. That concern is underscored by the long list of priorities identified including raising user awareness (41%), enforcing security policies (36%), controlling system access (26%) and getting more resources (23%).

However, when asked whether their companies are more vulnerable to attacks and breaches than a year ago, only 11% of respondents with US companies, 13% of respondents in Europe, 16% in China and 25% in India thought so. The vast majority think their companies are no more vulnerable than before or about the same, an even higher level of confidence than found in last year's survey.

In its ninth year, the online survey found an upswing in resources directed toward information security across the board. "As businesses continue to grapple with issues like risk assessment and customer data protection, it is helpful to see that they are getting the support they need from senior corporate management," says Rob Preston, InformationWeek editor-in-chief. "However, it is critical that the higher confidence and spending levels do not let security pros lapse into complacency."

Overall, global highlights and trends include:
* IT professionals in countries other than the US were slightly more cautious in their own vulnerability assessments. Thirteen percent of respondents in Europe, 16% in China and 24% in India say their organisations are more vulnerable to security dangers than a year ago.

* Spending is expected to grow significantly this year. Fifty-seven percent of respondents in India said they expect to spend more on security technology than last year, as did nearly 50% of US respondents, 42% of respondents in China and 25% of respondents in Europe.

* An increasing number of attacks were reported this past year. Fifty-seven percent of US companies report being hit by viruses over the last year, 34% by worms, 18% by denial of service attacks, 9% by network attacks and 8% by identity theft.

* Variations exist among countries when it comes to the challenges they face and how they are addressed. Managing complexity appears to be most daunting for US companies, while user access control is more of an issue in Europe and China. Those in India put security complexity and security policy enforcement front and centre.

* Security outsourcing is more prevalent worldwide. Companies in China, the US and Europe expect to increase their security outsourcing spending in the coming year by 24%, 23% and 16%, respectively.

* Compliance regulations drive security policies and practices. Improvements to infrastructure and application security and document management practices were brought about by Sarbanes-Oxley, the EU Protection Directive and the Bank Secrecy Act.
 
"We are not surprised by the expectations that security spending will increase significantly this year," says Alastair MacWillson, global managing partner, Accenture security practice. "Many companies are putting a lot of effort and money into meeting regulatory compliance in the belief that such measures will also improve security. While this may be the case in some circumstances, I do not believe it is a cost-effective way of addressing security weaknesses in areas that really matter to the company."

"Those companies that do security well, integrate security into everything they do, recognising that security enables them to do new things, and are able to justify the business value and show a return on their investment in security," MacWillson continues. "Consider, for example, online banking, which is not possible without bullet-proof security."