• Grid View
  • List View
  • Trend in IT Security Staff as a Percentage of IT Staff copy - IT Security Staffing Ratios 2022

    IT Security Staffing Ratios 2022

    High-profile security attacks and the impact of remote work continue to put pressure on IT security personnel. This report presents the five-year trend in IT security staffing and provides benchmarks for understanding the IT security staff head count. We analyze IT security staffing in terms of the number of applications, users, and network devices. Our analysis also includes the influence of organization size and sector on staffing requirements. We conclude with recommendations for optimizing IT security staffing. (21 pp., 9 fig.)

    April, 2022

  • Security Tower 2 - Avasant Releases New Benchmarks for IT Security and Cybersecurity Spending

    Avasant Releases New Benchmarks for IT Security and Cybersecurity Spending

    Security and cybersecurity incidents are costly, with losses increasing every year. In light of these growing threats, it is no wonder that organizations in all industries continually rank security as a top priority for new spending. But how much are they spending? To answer this question, we have now released our new report, IT Security, Cybersecurity, and Compliance Spending and Staffing Benchmarks.

    February, 2022

  • Security Tower 2 - IT Security, Cybersecurity, and Compliance Spending Benchmarks 2022

    IT Security, Cybersecurity, and Compliance Spending Benchmarks 2022

    Security and cybersecurity incidents are costly, with losses increasing every year. It is no wonder, then, that organizations continually rank security as a top priority for new spending. But how much are they spending? This report provides spending and staffing benchmarks by industry and organization size for IT security, cybersecurity, and related compliance. Benchmarks are calculated by number of users, organization revenue, and percentage of IT spending, as well as by number of network devices, locations, and endpoints. Security staffing is calculated as a percentage of the IT staff and also per user. Industry benchmarks are provided for business services, financial services, critical infrastructure, public sector, healthcare, manufacturing/distribution, and retail. There is also a breakdown for identity/access management, security policy/awareness, cybersecurity/incident response, threat and vulnerability management, data privacy/security, and governance, risk, and compliance.

    February, 2022

  • Security Adoption and Customer Experience Profile - IT Security a Never-Ending Arms Race

    IT Security a Never-Ending Arms Race

    With increased threats from within and without, IT organizations would love to have a silver bullet for security. Although there is no silver bullet, there is a growing array of security technology available. No wonder then that IT security technology investment and adoption are both high, and businesses can reap the benefits of protection that the technologies provide. This Research Byte summarizes the full report, IT Security Technology Adoption and Customer Experience.

    November, 2021

  • Security Adoption and Customer Experience Profile - IT Security Technology Adoption and Customer Experience 2021

    IT Security Technology Adoption and Customer Experience 2021

    Organizations in all industries and of all sizes need IT security technology, and with threats on the rise the investment rate is the highest of any category of technology that we track. However, return on investment is not as rosy, with security technology earning a moderate rating for ROI. This report examines adoption trends for IT security technology of all types, from basic capabilities such as firewalls and spam filtering to more advanced tools such as incident detection. We analyze the adoption rate, investment rate, and economic experience for security technology overall. We conclude with recommendations for ensuring the success of IT security technology investments.

    November, 2021

  • ITsecoutsourcing2021 - Third-Party Security Providers Evolve to Handle Diverse Threats

    Third-Party Security Providers Evolve to Handle Diverse Threats

    Security has become a major focus for IT leaders in 2021, and companies are now increasing their spending to secure the enterprise, including greater use of third-party security providers. This is because the threat landscape is evolving, as seen most recently in the Colonial Pipeline ransomware attack. This Research Byte summarizes our full report on IT security outsourcing trends.

    May, 2021

  • Outsourcing Frequency IT Security - IT Security Outsourcing Trends and Customer Experience 2021

    IT Security Outsourcing Trends and Customer Experience 2021

    IT security has become a major focus for IT leaders in 2021. This is because the threat landscape is evolving with increased reliance on the cloud, a greater diversity in the IT service portfolio, more employees working from home, and a more burdensome regulatory environment. This report helps IT executives compare their outsourcing activity and experience with other IT organizations. We use three metrics to measure IT security outsourcing activity: how many organizations outsource IT security (frequency), how much of the workload is typically outsourced (level), and the change in the amount of work outsourced (trend). We also measure the cost and service experience of organizations that outsource this function and determine how outsourcing activity and experience vary by organization size and sector. We conclude with recommendations.

    May, 2021

  • Practice Adoption Stages: Security Training

    Call Security: Our People Lack Awareness

    Security training is a business best practice that involves the training of all IT and user personnel in a company’s security policies and procedures to increase awareness and ensure compliance. It is a highly advisable practice for every company. However, our report shows that too many adopters are only conducting security training in an informal manner, which can have dire consequences. This Research Byte provides a summary of our full report on security training best practices.

    April, 2021

  • Practice Adoption Stages: Security Training

    Security Training Adoption and Best Practices 2021

    Security training is a business best practice that involves the training of all IT and user personnel in a company’s security policies, procedures, and best practices to increase awareness and ensure compliance. It is a highly advisable practice for every organization. Many companies report the existence of security training, yet there is ample room for improvement. This report begins by defining security training and summarizing the main types of training available. We next study the adoption and practice levels and examine those by organization size and sector. We conclude with best-practice recommendations.

    April, 2021

  • IT Spending Benchmarks - IT Security Spending Benchmarks

    IT Security Spending Benchmarks

    Although IT security spending as a percentage of the IT budget is flat year over year, the trend has been upward over the past four years. This study establishes benchmarks that enable organizations to assess their spending on IT security software, hardware, and services. The benchmarks include IT security spending as a percentage of the IT budget and IT security spending per user. We examine the four-year trend in these benchmarks as well as variances by organization size and sector. We conclude with recommendations for optimizing IT security costs and ensuring the budget is spent effectively. (19 pp., 10 fig.) [Research Byte]

    September, 2016

  • IT Best Practices - Making Security an Integral Part of Project Management

    Making Security an Integral Part of Project Management

    Vulnerabilities are often introduced into an organization when changes are made to its technology, business processes, or facilities. Therefore, security should be an important element of project management, to ensure that the security implications of these changes are addressed. However, a survey by Computer Economics suggests that executives have not adequately integrated their security and project management functions. This article presents the results of our survey on the role of security in project management. Additionally, we review the positive impact that security can have on project management practices. (5 pp., 9 figs.) [Executive Summary]

    August, 2007

  • IT Best Practices - NIST Developed Processes for Securing IT Systems Improve Effectiveness

    NIST Developed Processes for Securing IT Systems Improve Effectiveness

    The National Institute of Standards and Technology developed guidelines for certifying and accrediting the security of IT systems. The completeness of these procedures and their suitability for systems of any size make them useful tools for managers to apply toward the protection of their systems. The risk assessment methodologies and verification procedures can be tailored to fit within the budgets of any mission-critical application.

    March, 2003

  • IT Best Practices - IT Security in Banking, Finance, and Insurance

    IT Security in Banking, Finance, and Insurance

    This article provides key findings for the banking, finance, and insurance industry from our 2002 report, IT Security, Perceptions, Awareness, and Practices. Acces to the full report is also provided.

    December, 2002

  • IT Best Practices - IT Security in Manufacturing Firms

    IT Security in Manufacturing Firms

    This article provides key findings for the manufacturing industry from our 2002 report, IT Security, Perceptions, Awareness, and Practices. Acces to the full report is also provided.

    November, 2002