IT security spending is only a small part of the IT budget, but it has been steadily growing and will continue to do so according to our report, IT Security Spending Benchmarks.
According to the report, IT spending has remained at 1.4% this year after a steady rise during the last few years. However, Figure 10 from the full report shows that organizations of all sizes are planning to increase spending on IT security, with 81% of large organizations, 77% of midsize organizations, and 56% of small organizations planning an increase. Only a scant 3% of small organizations plan a decrease in spending. No other organizations plan a decrease.
IT security spending has always been an important, if small, part of the IT budget, and security threats are nothing new. So why the increase in spending now? The reasons include increased media scrutiny over security incidents, increased regulation and compliance costs, and a constantly widening array of threats.
“However, one thing we shouldn’t overlook,” said David Wagner, vice president, research, for Computer Economics of Irvine, Calif., “is the changing nature of IT security. Many security experts are recommending turning away from a perimeter defense strategy which tries to prevent breaches from occurring to a ‘monitor and mitigate’ approach which emphasizes identifying incidents quickly and dealing with them before too much damage occurs. This requires investment in new skills and technology.”
The IT security spending benchmarks only track spending for non-personnel spending, including acquisition and maintenance costs for security hardware, software, and services such as outside security audits, assessments, penetration testing, and managed security services. For IT personnel spending (which is also rising), we cover that in a separate report, IT Security Staffing Ratios.
The full report establishes benchmarks that enable organizations to assess their spending on IT security software, hardware, and services. The benchmarks include IT security spending as a percentage of the IT budget and IT security spending per user. We examine the four-year trend in these benchmarks as well as variances by organization size and sector. We conclude with recommendations for optimizing IT security costs and ensuring the budget is spent effectively.
This Research Byte is a brief overview of our report on this subject, IT Security Spending Benchmarks. The full report is available at no charge for Computer Economics clients, or it may be purchased by non-clients directly from our website (click for pricing).