Security Budget: How Much Is Enough?

Thursday, September 30, 2010 @ 08:09 AM gHale


As it is for most things, you get what you pay for. The same concept falls in line with security as with the more you pay, the more secure you will be. But just how far can you go?
New research by Gartner shows how far some companies will spend.
Security is a trade-off between risk and cost, and enterprises in different industries may spend more or less depending on their situation, said Ian Reeves, a managing vice president for Gartner Consulting.
A survey of 1,500 or so companies worldwide found businesses spend an average of 5% of their total IT budget on security, according to Gartner’s IT Key Metrics Data for 2010. Gartner also broke it down to security spending per employee, which averaged around $525 annually in 2009, compared to $636 in 2008 and $510 in 2007.
Of the total IT security budget, 37% goes toward personnel, 25% on software, 20% on hardware, 10% on outsourcing and 9% on consulting.
Companies should not necessarily worry if spending is higher or lower than the average, Reeves said. A more important question is why spending is at a certain level and whether that is good or bad, Reeves said.
It’s possible to spend a fortune on security, but if a company poorly implements the solution, it doesn’t help a business, said David Lello, a director at Gartner Consulting.
Main reasons for security spending include targeted malicious software attacks, cybercrime, regulation, remote access and new delivery models for services, such as cloud computing and software-as-a-service.
Companies ranked intrusion detection and prevention as the top security priority, followed by patch management, data loss prevention, identity management and antivirus.
Professional services is the sector having the highest number of employees dedicated to IT security, followed by government, banking and financial services, utilities, education, manufacturing, health care, insurance and finally transportation.



Leave a Reply

You must be logged in to post a comment.