By nearly every measure, large firms lag behind mid-size organizations in IT security spending, staffing, technology, and management best practices.
According to the recently released Computer Economics report, the 2006 IT Security Study: The Current State of IT Security Budgets, Management Practices, and Security Incidents, companies with over $750 million in annual revenues lag behind mid-size firms in relative spending for IT security, adoption rates for security technologies, and deployment of best practices for IT security management.
In addition, many companies of all sizes fail to implement a number of basic security management best practices. For example, 65% of all organizations do not provide periodic IT security training for their employees, and 67% do not conduct periodic software audits of desktop computers to ensure that unauthorized programs or content are not present. A number of other statistics from the study confirm this finding.
The study also found that, in spite of these deficiencies, most companies are not authorizing more money for IT security. “The median company in our study had zero increase in IT security spending last year, and the budget increases that did occur were mainly among small and mid-size firms,” said Frank Scavo, President, Computer Economics. “IT security may be a hot topic, but that doesn’t mean that management is willing to spend more money on it.”
Mark McManus, Vice President of Research, added, “The budget squeeze is most evident among small firms and large firms, where roughly half of the respondents said that their security budgets are not adequate to provide the level of IT security needed. In mid-size firms, only about a fifth of the respondents felt that way.”
The study, based on a survey of North American IT security managers, analyzes information security spending, staffing, incidents, the rate of technology adoption, and the deployment of security best practices for large, medium, and small organizations.
The full 186 page study, 2006 IT Security Study: The Current State of IT Security Budgets, Management Practices, and Security Incidents, with over 150 charts is available for instant online purchase from the Computer Economics website. An executive summary with key findings and trends is also available.