IT Security a Never-Ending Arms Race

November, 2021

Faced with increased threats from within and without, IT organizations would love to have a silver bullet for security. Although there is no silver bullet, there is a growing array of security technology available. No wonder then that IT security technology investment and adoption are both high, and businesses can reap the benefits of protection that the technologies provide. However, despite the threat environment and the high adoption rate, companies are finding difficulty keeping the security investments within budget, and return on investment (ROI) is murky at best.

As seen in Figure 1 from our full report, IT Security Technology Adoption and Customer Experience, the adoption, investment, and satisfaction rates are high. However, the ROI success rate is moderate and the total cost of ownership (TCO) success rate for security technology is low compared with other technologies in the study.

Security Adoption and Customer Experience Profile 1030x687 - IT Security a Never-Ending Arms Race

Nevertheless, the motivation for new investments in IT security is strong. The arrival of the pandemic has created new threats as the rise of work-from anywhere has changed the enterprise perimeter and forced organizations to protect devices that they may not own. It is not an exaggeration to call IT security a never-ending arms race. As such, we expect IT security to be at the top of the list for new investments for the foreseeable future.

“Investing in IT security technology will not produce direct financial returns to a business,” said Tracell Frederick, research analyst/editor for Computer Economics, a service of Avasant Research, based in Los Angeles. “Indirectly, the financial return is the data safety net that IT security technology provides in the event of a cybersecurity attack. It’s really all about risk mitigation.”

We define security technology as any technology intended to protect the organization against security threats, detect them, or respond to them. This would include a broad range of technologies from simple firewalls and malware protection to AI and machine-learning-based threat detection. Because there is such a variety of technologies, our survey does not attempt to cover an exhaustive list, but rather a representative sample. The list will change from year to year.

Our full report examines adoption trends for IT security technology of all types, from basic capabilities, such as firewalls and spam filtering, to more advanced technologies, such as incident detection, and everything in between. We analyze the adoption rate, investment rate, and economic experience for security technology overall. We conclude with recommendations for ensuring the success of IT security technology investments. Because IT security technology is most often implemented as a risk mitigation measure, it can be difficult to think of its investments in terms of ROI. Therefore, in assessing the ROI, we asked our respondents simply to consider whether the reduction in risk has been worth the investment. We also evaluate the cost-side of the equation, by measuring the percentage of organizations that exceed budgets for total cost of ownership (TCO).

This Research Byte is a brief overview of our report on this subject, IT Security Technology Adoption and Customer Experience. The full report is available at no charge for subscribers, or it may be purchased by non-subscribers directly from our website (click for pricing).