October 18, 2017  
  Home About Us Contact Us
 Read terms of use Login Problems?
Help for Search
Subscribe to the Computer Economics Report. Free sample issue.
Research Sections
Major Studies
IT Management Advisories
Valuation Data
...and More
Register for free research notification
Computer Economics 2006 IT Security Study
IT Security Study: The Current State of IT Security Budgets, Management Practices, and Security IncidentsOur 2006 IT Security Study: The Current State of IT Security Budgets, Management Practices, and Security Incidents, provides a comprehensive view of the current state of information security in North America.

For IT decision-makers, this study provides objective data and key metrics for the following uses:

  • Benchmarking and justifying the organization's IT security budget and staffing levels by comparing them with those of organizations of similar size.
  • Evaluating various network and computer security technologies by understanding their level of adoption within industry overall and within companies of similar size.
  • Assessing the organization's commitment to IT security by understanding the extent to which other firms have instituted or are in process of implementing various IT security best practices.
  • Prioritizing IT security initiatives based upon current estimates of IT security incidents by type.

For vendors of IT security products and services, this study is a valuable source of information for understanding market opportunities. The study provides hard data that can be used to formulate or validate assumptions underlying business development plans.

Read a short summary of just one of the key findings from this study: IT Security--Large Firms Lag Behind.

Chapter 1, the Executive Summary, summarizes the key findings of the full report and provides supporting statistics. The Executive Summary also includes key findings from the related Malware Report, details of the survey demographics by industry sector and job position, and a comparison with the CSI/FBI security survey. The Executive Summary is 21 pages, with six charts and tables. 

See the bottom of this page for special pricing by chapter.

The remaining chapters (2-5) present the detailed results of the IT Security Survey along with our analysis based on interviews with IT security experts. Chapter 2 provides the composite results for all organizations that participated in the survey. Chapter 3 present statistics for small organizations (revenues between U.S. $100 million and $250 million). Chapter 4 presents statistics for medium organizations ($250 million to $750 million). Chapter 5 presents statistics for large organizations (over $750 million).

Statistics include the following:

  • IT Security Budget Ratios and Trends: including the IT security budget as percentage of the total IT budget, budget change from last year, budget cost allocation in dollars, budget cost per desktop, and cost by major category. These statistics are presented at the median, 25th percentile, and 75th percentile, where appropriate.
  • IT Security Staffing Ratios and Trends: including the ratio of IT security employees to total IT staff, the number of IT security personnel per thousand desktops, and the IT security management reporting structure. These statistics are presented at the median, 25th percentile, and 75th percentile, where appropriate.
  • IT Security Technology Adoption Trends: including statistics on the adoption of  specific and representative IT security technologies, namely, spam filtering, VPN, WEP, WPA, server access controls, intrusion alerts, intrusion prevention, encryption, PKI, password management, smart cards, password tokens, and biometrics.
  • IT Security Management Practices: including percent of companies that have deployed IT security policies and procedures, physical access controls, document shredding, application and data access controls, password syntax controls, password rotation, password cancellation for terminated employees, restriction of desktop administration rights, periodic security training, desktop software audits, security audits, and security certifications.

Chapter 2 also provides summary statistics for the IT security incidents,  such as cybercrime and other threats experienced by respondents in the composite sample, including: number of infosec incidents by source, percentage of incidents by point of entry, and the impact of IT security incidents on corporate websites.

Among the nearly 200 pages of detailed statistics, this year's study found several significant trends:

  • By nearly every measure, large firms lag behind mid-size organizations in IT security spending, staffing, technology, and management best practices. The full report provides details to substantiate this finding with nine metrics of security spending and staffing, analysis of the adoption rate of 25 representative security technologies and management best practices.
  • Many companies of all sizes fail to implement a number of basic security management best practices. The full report explains how organizations in each size category stack up against 12 representative management best practices for IT security.
  • In spite of deficiencies, most companies are not authorizing more money for information and data security. This is evidenced by changes in IT budgets provided in this report and the respondents' assessment of the adequacy of those budgets to provide protection against criminal activity and other information security risks.

See the bottom of this page for special pricing by chapter.


Chapter 1: Executive Summary

IT Security Study Highlights
Malware Study Highlights
About This Study
Contents by Chapter
Study Participants
Survey Administration
Industry Sector Representation
Job Function Representation
Comparison With the CSI/FBI Survey

Chapter 2: Statistics for the Composite Sample (All Organizations)

IT Security Budget and Staffing Ratios with Trends: These statistics are presented at the median, 25th percentile, and 75th percentile, where appropriate.

IT Security Budget as a Percentage of Total IT Budget
IT Security Budget Changes
IT Security Budget Allocation in Dollars (U.S.)
IT Security Budget Allocation per Desktop
IT Security Budget Allocation by Major Category
Adequacy of IT Security Budgets
Ratio of IT Security Personnel to Total IT Staff
Number of IT Security Personnel per Thousand Desktops
IT Security Management Reporting Structure

IT Security Technology Adoption Trends

Adoption of Spam Filtering
Adoption of Virtual Private Networks
Adoption of Wired Equivalent Privacy (WEP)
Adoption of Wi-Fi Protected Access (WPA)
Adoption of Server Access Controls
Adoption of Intrusion Alerts
Adoption of Intrusion Prevention Systems
Adoption of Encryption
Adoption of Public Key Infrastructure (PKI) Systems
Adoption of Password Management
Adoption of Smart Cards
Adoption of Password Tokens
Adoption of Biometrics

IT Security Management Practices

IT Security Policies and Procedures
Physical Security Access Controls
Document Shredding Policy
Application and Data Access Controls
Password Syntax Controls
Forced Password Rotation
Password Cancellation for Terminated Employees
Desktop Administration Rights
Periodic IT Security Training for All Employees
PC Software Audits
IT Security Audits
IT Security Certification for Security Staff

IT Security Incident Statistics

Number of IT Security Incidents by Source
Percentage of IT Security Incidents by Point of Entry
Impact of IT Security Incidents on Websites

Statistics by Organizational Size
These chapters provide the same statistics as show in Chapter 2, with the exception of the IT Security Incident statistics, which are only provided for the composite sample.

Chapter 3: Small Organizations ($100 million to $250 million U.S. in annual revenue)

Chapter 4: Medium Organizations ($250 million to $750 million)

Chapter 5: Large Organizations (over $750 million)

Purchasing Options: Pricing by Chapter

Chapter 1, the Executive Summary: $45

Chapter 1 and 2, the Composite Statistics: $295

Chapters 1, 2, and 3, the Composite and Small Organization Statistics: $495

Chapters 1, 2, and 4, the Composite and Medium Organization Statistics: $495

Chapters 1, 2, and 5, the Composite and Large Organization Statistics: $495

The Full Study: $995 (all chapters) 

Update! For an assessment of current IT security threat levels in 12 categories, please see our new study, Trends in IT Security Threats: 2007 (priced separately).

Still have questions about this study?

Contact our analyst staff now.


Help Desk    Alliances     Privacy Policy  


© Computer Economics • 2082 Business Center Dr. Ste 240, Irvine, CA 92612 • tel: (949) 831-8700