SITA Global IT Security Survey launched

Overall though, despite the global recession, the survey found an encouraging level of spending on IT security.

During interviews conducted in December, 68% of respondents reported static or increasing budgets for IT security. Just 42% of respondents stated they had input into online payment compliance for their airline despite approaching data security compliance deadlines from the Payment Card Industry. The survey also found that cost cutting is now a major driver of outsourcing.

The issue of compliance was a major focus of this year's survey as it is increasingly part of the IT and security professional's remit. Among those survey respondents responsible for compliance, both industry (73%) and customer information compliance (68%) are considered important to the business. But with only 34% considering online payment compliance "very important" and airlines constantly seeking to increase online bookings, the need for more attention to online payment compliance is vital, according to aviation IT specialist, SITA.

Mark Prince, Head of Consulting for Security, Voice and Convergence at SITA, said:

"The level of importance given to compliance by these airline IT Security professionals is encouraging but more can be done. Key compliance initiatives such as PCI DSS and ISO27001 are both relevant and time-sensitive. The major payment brands have all issued compliance deadlines for PCI DSS regarding data storage and validation procedures. Visa, for example, has set these at September 2009 and 2010, respectively, dates to which the global airline industry must pay attention."

The survey showed that insufficient resources (54%), budget (49%) and lack of knowledge around the area (47%) are the main barriers to meeting compliance needs in the business. With key issues such as data protection and credit/debit card transaction assurance becoming more increasingly subject to compliance regulation, there is a risk that increased best practice in general security strategy is compromised by compliance shortfalls.

"With regard to proactive prevention, the Middle East leads the way with the Asia Pac region as the most advanced in terms of having virus updates/patches (54%) and data encryption (42%) in place. These two regions are the leaders in getting the balance right between patching or upgrading data encryption applications," Prince added.

The survey provides a breakdown of IT security spending in 2008: 34% of respondents saw their budget remain static while 25% had an increase of between 1 and 5%, and 9% reported an increase of 6% or more. Interestingly, the number of businesses seeing cost cutting as a primary driver for outsourcing has increased considerably from 36% in 2007 to 58% in 2008, demonstrating that cost efficiency is playing a more important role in decision-making in this area of the business.

This year's survey also demonstrates a significant improvement in IT Security best practice. The presence of best practice measures at the airlines increased on average by 14% over last year and though 66% believe there is the need for improved security management information in their organisations, this has dropped by 10 percentage points in just one year and 19 percentage points since the first survey was published in 2007 showing a marked improvement in this area. These are encouraging signs for the industry as the focus on best practice delivers benefits in other areas of IT security management.

SITA's survey shows encouraging signs of improvement in how security threats are evaluated and measured within the sector. It highlights a number of issues that should prove valuable to airlines looking to refine security strategy over the next 12-24 months and also provides a benchmark of current levels of automation surrounding IT security, giving airlines a view of how the industry as a whole is maintaining IT infrastructure vigilance.