[ISN] Security Expected To Take A Larger Bite Out Of IT Budgets

From: InfoSec News (isn@private)
Date: Mon Jun 07 2004 - 23:54:44 PDT

  • Next message: InfoSec News: "[ISN] Wireless Hackers Leave No Tracks"

    By Antone Gonsalves
    TechWeb News 
    June 7, 2004 
    Spending on security-related technology is expected to increase over
    the next couple of years, leveling off at 5 percent to 8 percent of
    the IT budget of global 2000 companies, a market-research firm said
    Security spending takes up from 3 percent to 4 percent of IT budgets
    today, the Meta Group said in a report on calculating
    information-security spending. That amount, however, is expected to
    increases at a compound annual growth rate of between 8 percent and 10
    percent through 2006, before reaching a plateau.
    In general, information security doesn't have metrics for return on
    investment that's been adopted across industries.
    A chief financial officer typically defines ROI as dollars spent
    balanced by additional revenue or accrued profit, but "security
    doesn't generate revenue or improve profits in a predictable manner,"  
    Meta analyst Chris Byrnes said.
    Therefore, Meta recommends that companies look to best practices in
    their industry as a way to determine how much they should spend as a
    percentage of their IT budgets.
    "As a starting point for analysis, organizations should look at what
    other companies in the same industry are spending as a percentage of
    their budgets, and then adjust up or down from that number, depending
    on how comfortable they are with risk," Byrnes said.
    In general, percentages are expected to be higher among smaller
    organizations than at very large companies of, say, more than 50,000
    users, Meta said. The above averages will typically be found in
    organizations with 5,000 to 10,000 users.
    The rate of spending is expected to be slower in Europe than in the
    U.S., with a 5 percent to 7 percent CAGR versus a 10 percent CAGR,
    Meta said. The major reasons are the lower intensity of publicity
    regarding cyber-crime and compliance issues.
    In the Asia-Pacific region, spending rates are expected to be similar
    to Europe in mature economies, such as Singapore, Japan, Australia,
    and South Korea. Security spending in developing countries, such as
    Malaysia, Thailand, and Philippines, is only starting.
    Within verticals, the more regulated industries and those that conduct
    a lot of electronic financial transactions over the public Internet
    are expected to continue spending more on security.
    ISN mailing list
    Sponsored by: OSVDB.org

    This archive was generated by hypermail 2b30 : Tue Jun 08 2004 - 03:07:40 PDT