Concerns over reputation and brand protection are key drivers of information security for nearly three-quarters of companies worldwide.

The findings come from the latest Global Information Security Workforce Study from ISC2 published at Infosec Europe 2008.

'Corporate image' topped the list of top priorities for motivating information security governance, but the privacy of customer data, identity theft and breach of laws and regulations are also key factors.

The fourth edition of the study was conducted by Frost & Sullivan and surveyed 7,548 information security professionals from companies and public sector organisations in more than 100 countries.

Small and mid-size organisations of up to 500 employees accounted for nearly 60 per cent of respondents to this year's survey, and it seems that the security message is no longer the preserve of large enterprises.

The report attributes this attitude shift to business requirements and compliance, including the impact of the payment card industry's PCI-DSS as well the increased public awareness of security issues.

"This year's study offers evidence of changing priorities for companies and subsequently a changing focus for information security professionals," said John Colley, managing director of ISC2 in EMEA.

Organisations are coming under increased pressure over data loss and compliance, and the role of information security at the executive level has been raised significantly in recent years.

The proportion of information security professionals reporting to executive management is now 33 per cent globally, compared to 21 per cent in the first ISC2 survey in 2003.

The report also found that information security governance is becoming more focused on protecting data at rest and in transit.

Wireless security solutions, cryptography, storage security and biometrics feature in the top five technologies being deployed in most regions.

The security profession is maturing globally, according to the report, and average experience levels for security professionals are now around 9.5 years in the Americas, 8.3 years in EMEA and 7.1 years in Asia-Pacific.

Frost & Sullivan estimates the number of information security professionals worldwide to be around 1.66 million, but expects this to grow to about 2.7 million by 2012.

"It is understandable that the field is on pace to continue strong growth, despite slowing economic conditions worldwide," said Colley.

"Pressure to ensure responsible, secure business practice is coming from such mainstream influence as customer pressure."