More than 1200 senior IT professionals worldwide were surveyed for the report, a two-part questionnaire based on benchmarked security standards. The survey also found a level-headed approach among respondents towards information security as an outsourced IT function.

"Participants in the 2006 and 2005 surveys were overwhelmingly emphatic about not wanting to outsource their information security activities. 60 percent of 2006 respondents who are planning to or who have already outsourced information security duties say outsourcing is a way to make more of their valuable resources available within their companies," the report said.

Australia represented between 57 and 48 respondents in the survey overall. On one key question, "If you have decided on outsourcing or have already outsourced, select the top three drivers with respect to their importance?" 65 percent said they did so to release internal resources, 63 percent cited the difficulty in maintaining in-house capabilities was the driver and 56 said it was due to an improved quality of service.

Bruce Young, Ernst & Young Oceania technology and risk services partner, said organizations in Australia are bolstering their control environment, and internal resources, by using security outsourcing.

Young said generally outsourcing is being done on what makes commercial sense and is approached with more intelligence.