Despite downturn, IT security spending to increase
Management increasingly is recognizing security as a top business priority, which is resulting in higher budgets for some organizations despite the economic slowdown, according to a new survey.The survey from the Computer Technology Industry Association (CompTIA), an IT trade group, compiled the responses of 1,538 organizations of varying sizes in the United, Canada, India, UK and China.
According to the survey, regardless of region, the mean spending for security-related technologies now is $719,930, an increase of 20 percent compared to last year.
Forty percent of organizations said they will spend more on security technologies this year and 32 percent will spend more on security training, the survey concluded. Another 33 percent will increase spending on security-related processes and 21 percent will allocate more cash for certifications, according to the survey. Spending decreases in these areas are only expected to happen in about four percent of organizations.
But concessions still need to be made in light of the economy. The survey showed that fewer companies -- 45 percent compared to 53 percent -- in the United States are providing security training for non-IT employees this year compared to last.
Still, there is good reason that management is earmarking more funds toward security budgets. Breaches remain an issue and have increased slightly over last year. Twenty-nine percent of U.S. respondents said they experienced at least one to three data-loss incidents.
The primary cause of breaches was human error, followed by a failure to follow security policies -- which are rising in prevalence, according to the survey.
Written IT security policies were adopted in more than 63 percent of U.S. organizations in 2008, but only in about 40 percent of small firms, defined as having 99 employees or fewer, the survey found.
Across the threat landscape, spyware is the most prevalent danger facing organizations, followed by viruses and worms, and a lack of user awareness.
But Scott Crawford, research director at research firm Enterprise Management Associates, told SCMagazineUS.com Monday that there seems to be an “awareness gap” between the threats organizations are concerned about and what actually is happening.
“It is a little surprising that I didn't see more about web application security concerns given that major vendor research reports have talked about web app vulnerabilities being the majority of vulnerabilities they see,” Crawford said.
Web application vulnerabilities “unquestionably” are the most prevalent flaw affecting servers today, according to an IBM report released this January. In addition, vulnerabilities in web applications made up 80 percent of all web-related flaws, according to report released last month from security vendor Cenzic.
Full survey results from CompTIA are scheduled to be released Monday at RSA Conference in San Francisco.
