Exclusive Research: Enterprise Security Spending Trends

By Guy Currier  |  Posted 03-11-2011 Print Email
Our latest spending study reveals the many areas of the IT budget that are affected by security needs. It also highlights how many organizations are paying hidden costs with a piecemeal approach in which no central security investments exist to provide guidance, strategy or measurable results.

When we initially set out to examine how organizations were budgeting and spending on IT security, we knew it would not be a straightforward or simple proposition. Security spending doesn't take place in a single, well-defined area, with one set of budget lines and discrete products. Rather, whatever IT security strategies, procedures or resources may exist at your organization, there's a good chance that the associated costs are largely, even exclusively, buried under nonsecurity headings.That's why we couldn't just ask about IT security budgets; we had to ask about security-related spending within other budget lines as well. And we had to understand the relationship between the two.

In January 2011, we fielded an online survey to members of our extensive database of enterprise IT executives, asking them about security budgets and about the influence IT security has on nonsecurity budgets. (Editors note: You may also download this report, Enterprise Security Spending Trends, with accompanying charts in PDF form.) The survey received 164 responses from individuals knowledgeable in these areas and working in organizations with at least 50 employees; 49 percent of respondents work in enterprises with at least 1,000 employees.

We were surprised to learn that half of these organizations actually have no dedicated, corporatewide budget for IT security (see Finding 1.1). This is true even in the largest organizations, and it means that spending, including staffing, frequently occurs on the departmental, project and application levels. The implication is clear: Security planning is not occurring on a strategic level as much as it should.



 

Submit a Comment

Loading Comments...