More than one-third say that company-owned mobile devices have been adopted but use of personal devices is not allowed for business. The survey found that 36% have acquired mobile-device management software and 31% now have a "governance process to manage the use of mobile ." Encryption plays a central role for 40% of CIOs and CISOs surveyed.

In terms of budgets for the next 12 months, 30% said they expect information security funding increasing from 5% to 15%, while 9% of respondents anticipate a budget increase of 25% or more. Security budgets are expected to remain the same for 44%. About a third said they spend at least $1 million per year on information security.

Just over half said the area of highest priority for them is business continuity, including management and disaster recovery. But one surprise, the report states, is that the second-highest priority is "a fundamental redesign of their information security program."

This appears to reflect on the security gaps that these CIOs and CISOs acknowledge exist in their organizations adopting cloud computing and tablet adoption. 55% said they plan to spend more to secure new technologies, while 63% acknowledged that they felt they had "no formal architecture framework in place, nor are they necessarily planning on using one." The Ernst & Young study indicated these IT professionals may feel they have "a patchwork of non-integrated, complex and fragile defenses" that creates gaps in their security.

Those that did have a defined security architecture pointed to the Open Group Architecture Framework, the ANSI/IEEE 1471:ISO/IEC 42010 standards, and other references such as defense department frameworks defined in the U.S. and the United Kingdom.