[ISN] Security Expected To Take A Larger Bite Out Of IT Budgets
InfoSec News
isn at c4i.org
Tue Jun 8 02:54:44 EDT 2004
http://www.techweb.com/wire/story/TWB20040607S0013
By Antone Gonsalves
TechWeb News
June 7, 2004
Spending on security-related technology is expected to increase over
the next couple of years, leveling off at 5 percent to 8 percent of
the IT budget of global 2000 companies, a market-research firm said
Monday.
Security spending takes up from 3 percent to 4 percent of IT budgets
today, the Meta Group said in a report on calculating
information-security spending. That amount, however, is expected to
increases at a compound annual growth rate of between 8 percent and 10
percent through 2006, before reaching a plateau.
In general, information security doesn't have metrics for return on
investment that's been adopted across industries.
A chief financial officer typically defines ROI as dollars spent
balanced by additional revenue or accrued profit, but "security
doesn't generate revenue or improve profits in a predictable manner,"
Meta analyst Chris Byrnes said.
Therefore, Meta recommends that companies look to best practices in
their industry as a way to determine how much they should spend as a
percentage of their IT budgets.
"As a starting point for analysis, organizations should look at what
other companies in the same industry are spending as a percentage of
their budgets, and then adjust up or down from that number, depending
on how comfortable they are with risk," Byrnes said.
In general, percentages are expected to be higher among smaller
organizations than at very large companies of, say, more than 50,000
users, Meta said. The above averages will typically be found in
organizations with 5,000 to 10,000 users.
The rate of spending is expected to be slower in Europe than in the
U.S., with a 5 percent to 7 percent CAGR versus a 10 percent CAGR,
Meta said. The major reasons are the lower intensity of publicity
regarding cyber-crime and compliance issues.
In the Asia-Pacific region, spending rates are expected to be similar
to Europe in mature economies, such as Singapore, Japan, Australia,
and South Korea. Security spending in developing countries, such as
Malaysia, Thailand, and Philippines, is only starting.
Within verticals, the more regulated industries and those that conduct
a lot of electronic financial transactions over the public Internet
are expected to continue spending more on security.
More information about the ISN
mailing list