New information security initiatives a top IT priority As part of our annual IT Spending Intentions survey, ESG asks IT professionals about overall spending trends for the coming year. Like other analyst firms, ESG found that IT budgets will increase in 2012, albeit at a modest rate.When it comes to information security budgets however, growth should be more robust. More than half (61%) of mid market (i.e. less than 1,000 employees) and enterprise (i.e. more than 1,000 employees) will increase security spending in 2012, and of these, 18% will bolster security spending by 8% or more. These results are similar to the data collected in the ESG Research about Advanced Persistent Threats. ESG also discovered that information security initiatives were also identified as one of the top 5 IT priorities for 2012.Where will this money be spent? 1. Headcount. ESG found that 35% of organizations plan to hire additional security staff – if they can find skilled professionals available (see my last blog).2. Network security. Just over half (52%) or organizations will make additional investments in network security technologies (i.e. firewalls, IDS/IPS, gateway devices, etc.). Why? Because they need additional scale, integration, and security services at the network level. Good news for Cisco, Check Point, Juniper, McAfee, Palo Alto Networks, and Sourcefire. Other high priorities identified were mobile security, endpoint security, and SIEM. 3. Advanced malware protection. With the rise of APTs, hacktivism, and other types of sophisticated attacks, organizations have no choice other than adopting a “belts and suspenders” model for anti-malware. This will benefit startups like Countertack, Damballa, and FireEye, as well as established leaders like RSA, Sourcefire, and Trend Micro.4. Security services. Given the threat landscape, shortage of skilled security professionals, and increasingly complex IT environment, many organizations will decide to punt and outsource security tasks to professional services and SaaS providers. It’s likely that HP, IBM, Unisys, and Symantec will gain share here. Related content analysis 5 things security pros want from XDR platforms New research shows that while extended detection and response (XDR) remains a nebulous topic, security pros know what they want from an XDR platform. By Jon Oltsik Jul 07, 2022 3 mins Intrusion Detection Software Incident Response opinion Bye-bye best-of-breed? ESG research finds that organizations are increasingly integrating security technologies and purchasing multi-product security platforms, changing the industry in the process. By Jon Oltsik Jun 14, 2022 4 mins Security Software opinion SOC modernization: 8 key considerations Organizations need SOC transformation for security efficacy and operational efficiency. Technology vendors should come to this year’s RSA Conference with clear messages and plans, not industry hyperbole. By Jon Oltsik Apr 27, 2022 6 mins RSA Conference Security Operations Center opinion 5 ways to improve security hygiene and posture management Security professionals suggest continuous controls validation, process automation, and integrating security and IT technologies. By Jon Oltsik Apr 05, 2022 4 mins Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe