Security Budgets Get Boost

Spending on information security is up, but companies are making these investments at the expense of other IT initiatives. According to a recent report by US-based Meta Group, 41 per cent of companies worldwide are spending at least 5 per cent of their IT budgets on information security, up from 33 per cent of companies in 2001. By the end of 2003, Meta Group expects 55 per cent of companies to be budgeting at least 5 per cent of their IT spending toward security.

"The biggest problem at this point is it is taking IT dollars from other functions, and that continues to grow," says Chris Byrnes, vice president for security programs at Meta Group. "If things don’t turn around it will continue to cannibalise other IT functions."

Byrnes says application development and IT operations will be most affected as CIOs are pressured to control costs while investing in security. He also says areas such as customer relationship management and storage, areas previously expected to boom, will also take a backseat to security investments. "We see incremental growth in some cases," Byrnes says, "but it’s very, very low."

The Meta analyst believes that there are still many companies, however, that are not investing enough in security. According to the report, 41 per cent are investing as little as 2 per cent or less of their IT budget on security. "They’re unsecure,"Byrnes says. "Above that [figure] you’re looking at companies making more intelligent business decisions about how much security is appropriate."

Byrnes says financial institutions tend to spend the most on security, with 6 to 10 per cent of IT budgets allocated for it. Manufacturing companies (with minimal labour/management strife) fall in the 3 to 4 per cent range. Energy companies, as part of the nation’s critical infrastructure, fall in the 4 to 6 per cent range. Byrnes says most industries are spending between 3 to 5 per cent, and they’re comfortable with that figure.

"These spending levels are a result of underinvestment in good times," Byrnes says. "We believe that this is a trend that will continue over at least the next two years."

Copyright © 2002 IDG Communications, Inc.

The 10 most powerful cybersecurity companies