By nearly every measure, large firms lag behind mid-size organizations in IT security spending, staffing, technology, and management best practices.
According to the recently released Computer Economics report, the 2006 IT Security Study: The Current State of IT Security Budgets, Management Practices, and Security Incidents, companies with over $750 million in annual revenues lag behind mid-size firms in relative spending for IT security, adoption rates for security technologies, and deployment of best practices for IT security management.
In addition, many companies of all sizes fail to implement a number of basic security management best practices. For example, 65% of all organizations do not provide periodic IT security training for their employees, and 67% do not conduct periodic software audits of desktop computers to ensure that unauthorized programs or content are not present. A number of other statistics from the study confirm this finding.
The study also found that, in spite of these deficiencies, most companies are not authorizing more money for IT security. “The median company in our study had zero increase in IT security spending last year, and the budget increases that did occur were mainly among small and mid-size firms,” said Frank Scavo, President, Computer Economics. “IT security may be a hot topic, but that doesn’t mean that management is willing to spend more money on it.”
Mark McManus, Vice President of Research, added, “The budget squeeze is most evident among small firms and large firms, where roughly half of the respondents said that their security budgets are not adequate to provide the level of IT security needed. In mid-size firms, only about a fifth of the respondents felt that way.”
The study, based on a survey of North American IT security managers, analyzes information security spending, staffing, incidents, the rate of technology adoption, and the deployment of security best practices for large, medium, and small organizations.
The full 186 page study, 2006 IT Security Study: The Current State of IT Security Budgets, Management Practices, and Security Incidents, with over 150 charts is available for instant online purchase from the Computer Economics website. An executive summary with key findings and trends is also available.
Avasant’s research and other publications are based on information from the best available sources and Avasant’s independent assessment and analysis at the time of publication. Avasant takes no responsibility and assumes no liability for any error/omission or the accuracy of information contained in its research publications. Avasant does not endorse any provider, product or service described in its RadarView™ publications or any other research publications that it makes available to its users, and does not advise users to select only those providers recognized in these publications. Avasant disclaims all warranties, expressed or implied, including any warranties of merchantability or fitness for a particular purpose. None of the graphics, descriptions, research, excerpts, samples or any other content provided in the report(s) or any of its research publications may be reprinted, reproduced, redistributed or used for any external commercial purpose without prior permission from Avasant, LLC. All rights are reserved by Avasant, LLC.
Login to get free content each month and build your personal library at Avasant.com
