IT security spending is only a small part of the IT budget, but it has been steadily growing and will continue to do so according to our report, IT Security Spending Benchmarks.
According to the report, IT spending has remained at 1.4% this year after a steady rise during the last few years. However, Figure 10 from the full report shows that organizations of all sizes are planning to increase spending on IT security, with 81% of large organizations, 77% of midsize organizations, and 56% of small organizations planning an increase. Only a scant 3% of small organizations plan a decrease in spending. No other organizations plan a decrease.
IT security spending has always been an important, if small, part of the IT budget, and security threats are nothing new. So why the increase in spending now? The reasons include increased media scrutiny over security incidents, increased regulation and compliance costs, and a constantly widening array of threats.
“However, one thing we shouldn’t overlook,” said David Wagner, vice president, research, for Computer Economics of Irvine, Calif., “is the changing nature of IT security. Many security experts are recommending turning away from a perimeter defense strategy which tries to prevent breaches from occurring to a ‚Äòmonitor and mitigate’ approach which emphasizes identifying incidents quickly and dealing with them before too much damage occurs. This requires investment in new skills and technology.”
The IT security spending benchmarks only track spending for non-personnel spending, including acquisition and maintenance costs for security hardware, software, and services such as outside security audits, assessments, penetration testing, and managed security services. For IT personnel spending (which is also rising), we cover that in a separate report, IT Security Staffing Ratios.
The full report establishes benchmarks that enable organizations to assess their spending on IT security software, hardware, and services. The benchmarks include IT security spending as a percentage of the IT budget and IT security spending per user. We examine the four-year trend in these benchmarks as well as variances by organization size and sector. We conclude with recommendations for optimizing IT security costs and ensuring the budget is spent effectively.
This Research Byte is a brief overview of our report on this subject, IT Security Spending Benchmarks. The full report is available at no charge for Computer Economics clients, or it may be purchased by non-clients directly from our website (click for pricing).
Avasant’s research and other publications are based on information from the best available sources and Avasant’s independent assessment and analysis at the time of publication. Avasant takes no responsibility and assumes no liability for any error/omission or the accuracy of information contained in its research publications. Avasant does not endorse any provider, product or service described in its RadarView™ publications or any other research publications that it makes available to its users, and does not advise users to select only those providers recognized in these publications. Avasant disclaims all warranties, expressed or implied, including any warranties of merchantability or fitness for a particular purpose. None of the graphics, descriptions, research, excerpts, samples or any other content provided in the report(s) or any of its research publications may be reprinted, reproduced, redistributed or used for any external commercial purpose without prior permission from Avasant, LLC. All rights are reserved by Avasant, LLC.
Login to get free content each month and build your personal library at Avasant.com
