Security Does And Will Cost More

Security will take up to 12 percent of US companies’ IT budgets by 2006, according to a new study by research firm Meta Group .

The number is then expected to level off to between 5 and 8 percent in the United States by 2008, and by 2009 across Europe and the Asia Pacific, according to Meta Group’s current research. Overall, it said Global 2000 companies currently spend between 3 and 4 percent of their IT budgets on security.

The numbers show that information security remains a top-five issue for CIOs, and the debate regarding appropriate investment levels continues to rage, Tom Scholtz, vice president with META Group’s Security & Risk Strategies advisory service, said in a statement.

“Although capturing and benchmarking information security spending is complicated, security teams must model overall investment to track parity with industry peers and account for the cost of satisfying business requirements for managing information risk.”

Meta predicts that the compound annual growth rate (CAGR) of security spending as a percentage of IT budgets will increase at a rate of 8 and 10 percent over the next two year in the U.S. Across European markets, the CAGR of security spending in Europe is expected to be somewhat lower, coming in at an estimated 5 to 7 percent. Meta’s report cites the increased scrutiny on security and cybercrime in the U.S as the reasons for the funding gap between Europe and the U.S.

IT security spending is variable based on numerous factors according to Meta including organization size, vertical industry trends and the regulatory environment in which the IT enterprise operates.

Meta Group’s brief report, “Calculating the Information Security Budget: Dabbling the Dark Arts?” also includes a warning to companies that scrimp on spending: “failure to invest appropriately in information security exposes the organization to untenable risk.”

Other recent industry surveys both contradict and agree with Meta Group’s assessment of an overall increase trend in IT security spending. A recent TowerGroup study estimated that IT security spending would be $71.5 billion this year.

On the other side of the argument, Deloitte and Touche’s recent IT security survey found that 25 percent of its survey base would not be increasing its security spend while 10 percent actually reported reducing their security budgets.