• United States



Contributing Writer

Information Security Budgets Will Increase in 2012

Jan 24, 20122 mins
Advanced Persistent ThreatsCheck PointCisco Systems

New information security initiatives a top IT priority

As part of our annual IT Spending Intentions survey, ESG asks IT professionals about overall spending trends for the coming year.  Like other analyst firms, ESG found that IT budgets will increase in 2012, albeit at a modest rate.

When it comes to information security budgets however, growth should be more robust.  More than half (61%) of mid market (i.e. less than 1,000 employees) and enterprise (i.e. more than 1,000 employees) will increase security spending in 2012, and of these, 18% will bolster security spending by 8% or more.  These results are similar to the data collected in the ESG Research about Advanced Persistent Threats. 

ESG also discovered that information security initiatives were also identified as one of the top 5 IT priorities for 2012.

Where will this money be spent? 

1.       Headcount.  ESG found that 35% of organizations plan to hire additional security staff – if they can find skilled professionals available (see my last blog).

2.       Network security.  Just over half (52%) or organizations will make additional investments in network security technologies (i.e. firewalls, IDS/IPS, gateway devices, etc.).  Why?  Because they need additional scale, integration, and security services at the network level.  Good news for Cisco, Check Point, Juniper, McAfee, Palo Alto Networks, and Sourcefire.  Other high priorities identified were mobile security, endpoint security, and SIEM.

3.       Advanced malware protection.  With the rise of APTs, hacktivism, and other types of sophisticated attacks, organizations have no choice other than adopting a “belts and suspenders” model for anti-malware.  This will benefit startups like Countertack, Damballa, and FireEye, as well as established leaders like RSA, Sourcefire, and Trend Micro.

4.       Security services.  Given the threat landscape, shortage of skilled security professionals, and increasingly complex IT environment, many organizations will decide to punt and outsource security tasks to professional services and SaaS providers.  It’s likely that HP, IBM, Unisys, and Symantec will gain share here. 

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

More from this author