The survey revealed that 90 percent of respondents rated security as "important" or "very important".
The results showed investment in IT security was increasingly the result of proactive corporate policies and less a response to security breaches, reflecting the rise in corporate concern over hacking and virus infiltrations as well as a increased general awareness of security issues.
However, around a quarter of respondents cited security breaches as driving IT security investment, indicating several companies are yet to properly prioritise the area.
A key driver behind security investment included increased usage of the Internet and intranets, with two thirds of organisations rating increased Internet usage as a dominant influence of security investment.
Another key driver is the increase in mobile computing, with 31 per cent of those surveyed indicating this had a significant influence on investment.
Paul Ducklin, head of global support for Sophos antivirus, told ZDNet Australia that changes in viruses were encouraging companies to become more proactive. For instance, recent viruses such as Klez and Bugbear spoof the sender address, so the old practice of informing people they have a virus no long has any effect.
"Furthermore, modern viruses commonly and deliberately send out confidential data, or leave behind back doors which open up networks to later unauthorised access," said Ducklin. "Recent beefing up of privacy regulations mean that confidentiality lapses of this sort are no longer just the IT department's problem, they are very much the board's problem, too."
According to Ducklin, the big threat in the past had been that a virus could wipe your hard drive, but now the threat is the release of confidential information. "If you think about it, if you've got good backup you can restore a hard disk," he said. "What you cannot do is recall an e-mail once it has been sent."
John Donovan, the general manager of Symantec, said the reasons for purchasing security hadn't changed, but there is more clarity now. "The focus is coming from the top level, because they understand security is a business issue, not just an IT issue," he said.
"There's a better focus on the context of those point product solutions and the role they play in the enterprise," said Donovan.
