Organizations of all sizes are expected to allocate more of their IT budgets to security spending this year compared to 2008, according to two reports released this week by Forrester Research.
In both enterprises and small-to-medium-size businesses (SMBs), IT security budgets should increase, more money should be allocated to new security initiatives and an increased focus should be placed on securing data and meeting business objectives -- rather than complying with regulatory mandates.
“Security is getting a bigger piece of the IT budget pie,” Jonathan Penn, the reports' author and Forrester's vice president of tech industry strategy and security, told SCMagazineUS.com on Tuesday.
The findings were based on 942 respondents form enterprises and 1,206 from SMBs. They included CEOs, CFOs and senior security professionals from North America and Europe.
The enterprise-focused report concluded that security spending will account for 12.6 percent of overall IT budgets in 2009, up from 11.7 percent in 2008. Similar increases were noted for SMBs. The report covering those organizations concluded that security is expected to get 10.1 percent of total IT budgets, compared to 9.1 percent last year.
The amount of money enterprises and SMBs are allocating for new security initiatives is up this year, as well. In enterprises, 17.7 percent of typical security budgets were allotted for new security initiatives last year. This year, that figure is expected to jump to to 18.5 percent. In SMBs, the security budget allotment for new initiatives is expected to rise from 14.9 percent last year to 15.9 percent this year.
Both enterprise and SMB respondents rated data protection as their top security issue. Rather than reacting to the latest threats or vulnerabilities, companies are taking a more calculated view of security by examining what it takes to protect the company's data, Penn said.
Managing regulatory compliance used to be the top security issue, but now that has moved farther down the priority list as the focus has shifted from a regulatory compliance perspective to a business perspective, he said.
“Compliance is an outgrowth of having an appropriate security posture,” Penn said.
Both groups said the second most important security issue is application security, with 80 percent of SMB respondents and 86 percent of enterprise respondents calling it “important” or “very important.” The next biggest issues for both was disaster recovery, followed by identity and access management.