"This is a great opportunity for IT to engage with the business to help take it forward in challenging economic times," said Jason Creasey, head of research at the Information Security Forum (ISF).
The pressure is on, with 63% of ISF members reporting that they expect budgets to drop in 2009, according to an ISF report on managing security in a downturn.
According to the report, the financial crisis has also accelerated the change and sophistication of new threats to information security.
"Organisations need to prioritise spending to protect the most important assets, assuming they know what these are," said Creasey.
Specific threats include the rapid increase in targeted and organised cybercrime, espionage, risk to intellectual property, internal and external fraud and theft of information from disgruntled employees.
"Both internal and external threats are higher, with increasing staff turnover and dissatisfaction coupled with a trend to more organised profit-driven crime," said Creasey.
Changes in risk and the way attacks occur means their effects are harder to predict, soa new approach is required that does not rely on past experience.
"Instead we need to approach each instance as something new and be rational and flexible in providing the solutions," said Creasey.