Computer Crime Research Center


Security expected to take a larger bite of IT budgets

Date: June 08, 2004
Source: TechWeb News
By: Antone Gonsalves

Spending on security-related technology is expected to increase over the next couple of years, leveling off at 5 percent to 8 percent of the IT budget of global 2000 companies, a market-research firm said Monday.

Security spending takes up from 3 percent to 4 percent of IT budgets today, the Meta Group said in a report on calculating information-security spending. That amount, however, is expected to increases at a compound annual growth rate of between 8 percent and 10 percent through 2006, before reaching a plateau.

In general, information security doesn't have metrics for return on investment that's been adopted across industries.

A chief financial officer typically defines ROI as dollars spent balanced by additional revenue or accrued profit, but “security doesn't generate revenue or improve profits in a predictable manner,” Meta analyst Chris Byrnes said.

Therefore, Meta recommends that companies look to best practices in their industry as a way to determine how much they should spend as a percentage of their IT budgets.

“As a starting point for analysis, organizations should look at what other companies in the same industry are spending as a percentage of their budgets, and then adjust up or down from that number, depending on how comfortable they are with risk,” Byrnes said.

In general, percentages are expected to be higher among smaller organizations than at very large companies of, say, more than 50,000 users, Meta said. The above averages will typically be found in organizations with 5,000 to 10,000 users.

The rate of spending is expected to be slower in Europe than in the U.S., with a 5 percent to 7 percent CAGR versus a 10 percent CAGR, Meta said. The major reasons are the lower intensity of publicity regarding cyber-crime and compliance issues.

In the Asia-Pacific region, spending rates are expected to be similar to Europe in mature economies, such as Singapore, Japan, Australia, and South Korea. Security spending in developing countries, such as Malaysia, Thailand, and Philippines, is only starting.

Within verticals, the more regulated industries and those that conduct a lot of electronic financial transactions over the public Internet are expected to continue spending more on security.

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo