And, says a leader from ISACA, the not-for-profit information security association, the good news is that 28% of the 100 major corporate respondents said security was highest on their priority lists, followed by 26 and 16%, respectively, when it comes to price and power.
"This is excellent news and indicates that the message that security is a key factor when planning major IT system deployments is getting through to managers outside the IT discipline", said Rolf von Roessing, the association's vice president.
"With our global membership now approaching 90 000, our team of professionals has been working hard to ensure that managers in all business sectors understand the need for effective but sufficient information security budgets in any organisation", he added.
According to von Roessing, the just-published Telehouse survey proves that managers are now starting to understand they cannot offer the best levels of IT service - which he argues is essential in these economically stringent times - without balancing the price/security risk/reward issue.
The ISACA vice president went on to say that it's also good to see that the 16% of those professionals responding to the survey include data resilience in their `hit list' of priorities. This, he says, shows a good understanding of the need for IT strategy planning.
Von Roessing explained that, with the information security profession now well into its third decade, there is a definite need for a professional approach in all aspects of security.
"ISACA offers its members guidance at all levels of the IT security management development process, both by peer discussion at its meetings and conferences, as well as a large number of papers and discussion documents", he said.
Last year, he added, ISACA published its Risk IT framework, which is based on the associations' COBIT framework and best practice guidance, and is available as a free download.
The Risk IT framework, says von Roessing, was developed after 18 months of rigorous work by an international task force with members from five countries.
Later this year, ISACA will be publishing the Business Model for Information Security. An introductory guide is available as a free download from www.isaca.org/bmis.
"Managing IT security in any organisation has come a long way since the IT fire fighting days of the 1980s and 1990s", he said.
"Today's IT governance professional needs a strong and disciplined approach, and ISACA can provide its memberships with the tools that are required to achieve - and maintain - high levels of excellence in our profession", he added.