Economic downturn drives increased spending on IT security
ConvergenceAsia staff
24/04/2009

Even as organisations adapt to the current global economic crisis with cost-cutting and restructurings, they are making investments to strengthen IT security. According to an independent global survey sponsored by IT management software company CA, 42 per cent of organisations anticipate an increase in budget for IT security, while 50 per cent expect budgets to stay flat, and only eight per cent anticipate a cut in their IT security budget. IT security budgets are being driven upward by the prospect of new regulations and a perception that restructurings will increase internal threats.

Already companies spend a significant amount of their IT security budget on compliance:

- On average, companies in North America spend 26 per cent of their IT security budget on compliance initiatives, while companies in Asia Pacific spend 37 per cent, and EMEA and South America spend 19 per cent and 17 per cent respectively.
- On average 78 per cent of companies surveyed globally believe that new regulations and mandates will increase IT spending and efforts.
- Survey responses showed that security budgets correlate to how regulated the company is.

“The need for companies to have the security systems, processes and reporting structures in place to help them verify compliance has always been one of the strongest drivers for security software such as identity and access management, security information management and data loss prevention,” said Lina Liberti, vice president of marketing, CA Security Management.

“Despite the need to cut costs, organisations continue to invest security tools that will help them automate labour-intensive, manual compliance procedures such as reporting, deprovisioning users’ entitlements, and removal of orphan accounts. The goal is to automate compliance systems to reduce errors that can result in audit failures while demonstrating the value in an IT security investment more quickly through streamlined processes.”

The economy also has forced many companies to restructure their organisations, which has often resulted in layoffs. Sixty-seven per cent of mid-market companies and 73 per cent of enterprise organisations believe that layoffs have increased the internal threat to IT systems.

Whether a security incident is caused by an internal or external threat, the impact on an organisation in dollars and cents is significant, and it has an effect on security spending:

- According to survey respondents, security incidents at companies in North America report an average loss of nearly US$418,000, with the majority of them reporting losses of more than US$500,000. The real number is likely greater when factoring in lost time identifying and remediating the breach, and the damage to corporate reputation.
- Survey respondents that reported an increase in IT security spending also reported a higher number of internal and external incidents.

The CA-sponsored study surveyed more than 400 IT directors or above from large and mid-sized enterprises representing companies headquartered in North America, Europe, Asia Pacific and South America. The study also included qualitative feedback from focus groups and in-depth interviews of IT security directors or above in the United States, United Kingdom and Germany.

advertisement