The majority of executives worldwide appear to be confident in the effectiveness of their organizations' information security practices, though other responses in an international study suggest that some security capabilities have been deteriorating since 2008.
The findings are from a report titled "2012 Global State of the Information Security Survey," which was commissioned by New York-based accounting firm PricewaterhouseCoopers, along with CIO Magazine and CSO Magazine. For the report, the companies polled more than 9,600 CEOs and other executives from companies in 138 countries.
PwC says two of the most crucial keys to information security effectiveness are having a strategy in place and executing it. In the survey, 43 percent of respondents said they meet both criteria. Surveyors labeled this group as front runners.
Another 27 percent, labeled as strategists, said they are better at getting the strategy right than exercising a plan. Conversely, 15 percent were tacticians who said they are better at getting things done than at defining a strategy.
The balance of respondents fell into a category called firefighters, who said they don't have an effective strategy in place and are typically in a reactive mode.
Despite the confidence of the polled executives, other parts of the survey showed a decline in core security-related capabilities in recent years.
One of the largest drops occurred in investment in business continuity and disaster recovery. In 2011, 39 percent of respondents said they invested in continuity and recovery, down from 53 percent in 2009.
Similarly, 39 percent said their companies review privacy policies annually, down from 52 percent two years earlier.
Of those surveyed, 49 percent said they have staff dedicated to monitoring employee use of the Internet, down from 57 percent two years earlier. Also, 29 percent said their companies have an accurate inventory of locations where data are stored, down from 39 percent in 2009.
The smallest decline in activity occurred in personnel background checks. Fifty-four percent of those surveyed said they conduct background checks, down six percentage points from 2009.
When asked to identify the greatest hurdle to improving information security, CEOs surveyed most frequently pointed to a lack of capital and then themselves. CFOs surveyed also pointed to their CEOs as the main problem, and chief information officers and chief information security officers blamed the lack of progress in that area on a lack of vision and an effective security strategy.
In general, executives in Asia reported greater preparedness than their North American counterparts. In all, about three-fourths of Asian respondents say their organizations have in place an overall security strategy, increased insights into security incidents, and a widely acknowledged importance of the security function.