Downturn drives up IT security spending

Trade

27 April 2009

Even as organisations adapt to the economic crisis through cost-cutting and restructurings, they are making investments to strengthen IT security.

This is among the findings of a global survey sponsored by CA, the enterprise IT management software firm .

The study found that 42% of organisations anticipate an increase in budget for IT security, while 50% expect budgets to stay flat, and only 8% foresaw a cut. IT security budgets are being driven upward by the prospect of new regulations and a perception that restructurings will increase internal threats.

 

advertisement



 

Companies already spend a significant slice of their IT security budget on compliance:

  • On average, firms in North America spend 26% of their IT security budget on compliance initiatives, while firms in Asia Pacific spend 37%, and EMEA and Latin America spend 19% and 17% respectively.
  • On average 78% of firms surveyed globally believe new regulations and mandates will increase IT spending and efforts.
  • Survey responses showed that security budgets correlate to how regulated the company is. For example, an organisation that is highly regulated and must comply with 50 or more regulations, spends about 3.5 times more on IT Security than a company that is more lightly regulated, with fewer than 10 mandates.

“The need for firms to have the security systems, processes and reporting structures in place to help them verify compliance has always been one of the strongest drivers for security software such as identity and access management, security information management and data loss prevention,” said Lina Liberti, VP of marketing at CA Security Management.

She added: “Despite the need to cut costs, organisations continue to invest in security tools that will help them automate labour-intensive, manual compliance procedures such as reporting, deprovisioning users’ entitlements, and removal of orphan accounts. The goal is to automate compliance systems to reduce errors that can result in audit failures while demonstrating the value in an IT security investment more quickly through streamlined processes.”

The economy also has forced many firms to restructure their organisations, which has often resulted in layoffs. Some 7% of mid-market firms and 73% of enterprise organisations believe that layoffs have increased the internal threat to IT systems.

Whether a security incident is caused by an internal or external threat, the impact on an organisation in euros is significant, and it has an effect on security spending:

  • Survey responses showed security incidents at firms in North America cost an average loss of nearly $418,000, with most reporting losses of over $500,000. The real number is likely greater when factoring in lost time identifying and fixing the breach, and the damage to corporate reputation.
  • Survey respondents who reported an increase in IT security spending also reported a higher number of internal and external incidents.

The study surveyed more than 400 IT directors (or more senior) from large and medium enterprises representing firms headquartered in Asia Pacific, Europe, North America, and Latin America. The study also included qualitative feedback from focus groups and in-depth interviews of IT security directors (or above) in the US, UK and Germany.

The survey was conducted by GMG Insights, which provides analysis, research and strategy service to firms with complex business-to-business sales.

Read More:


Back to Top ↑