Skip to main content

A Global Exploration of IT Security Budget Trends

Chief Information Security Officers (CISOs) have updated their IT security plans for 2017, due to ongoing concerns about new threats. Worldwide, IT organizations currently spend an average of 5.6 percent of their IT budget on IT security, according to the latest market study by Gartner.

However, the study uncovered that security spending can range from 1 to 13 percent of an organization's overall IT budget.

"Clients want to know if what they are spending on information security is equivalent to others in their industry, geography and size of business in order to evaluate whether they are practicing due diligence in security and related programs," said Rob McMillan, research director at Gartner.

That said, Gartner analysts believe that comparisons with industry averages are of limited value. CISOs could be spending at the same level as the peer group, yet be spending on the wrong things and are therefore vulnerable.

IT Security Market Development

According to the Gartner assessment, vendors could benefit, because the majority of organizations will continue to use average IT security spending figures as a proxy for assessing their security posture through 2020.

Without the context of business requirements, risk tolerance and satisfaction levels, the metric of IT security spending, by itself, doesn't provide valid comparative information that should be used to allocate resources.

Moreover, IT spending statistics alone do not measure IT effectiveness. They're not a gauge of successful IT organizations. They simply provide a view of average costs, without regard to complexity or demand.

Any statistics on explicit security spending are inherently soft, because they understate the true magnitude of enterprise investments in IT security -- since security features are being incorporated into hardware, software, activities or initiatives not specifically dedicated to security.

That's why many organizations do not know their real security budget. It's partly because few cost accounting systems break out security as a separate line item, and many security-relevant processes are carried out by staff who are not devoted full-time to security.

Gartner also believes that, in most instances, the CISO does not have insight into security spending throughout the enterprise.  Moreover, the very secure organizations can spend less than average on security as a percentage of their IT budget.

The lowest-spending 20 percent are composed of two distinctly different types of organizations. Un-secure organizations that under-spend, and secure organizations that have implemented best practices for IT security that reduce the overall complexity of their IT infrastructure by limiting security vulnerabilities.

Outlook for IT Security Spending Trends

According to Gartner, organizations should be spending between 4 and 7 percent of their IT budgets on IT security -- lower in the range if they have mature systems, higher if they are wide open and at risk. This represents the budget under the control and responsibility of the CISO, and not the "real" or total budget.

To demonstrate due care in information security, organizations must also assess their risks and understand both the CISO's security budget and the "real" security budget found in the complicated range of accounts that may not capture all security spending.

"A CISO who has knowledge of all of the security functions taking place within the organization as well as those that are necessary but missing and the way in which those functions are funded, is likely to use indirectly funded functions to greater advantage," McMillan concluded.

Popular posts from this blog

Digital Transformation for the Oil and Gas Sector

The savvy CEOs of multinational organizations will accelerate their investment in digital transformation projects in 2022, and beyond, to improve their competitiveness. Every industry leader that is forward-looking will act swiftly to grasp the upside opportunity. Global oil & gas companies face a myriad of operational, commercial, and existential security threats. According to the latest worldwide market study by ABI Research, oil & gas firms apply digitalization to combat these threats and will spend $15.6 billion on digital technologies by 2030. Oil & Gas Digital Apps Market Development Investments in digitalization can help to analyze a supply pipeline’s condition, prepare for fluctuations in the changing prices for oil and gas, as well as aid action plans to create more sustainable operations and transfer to producing renewable energy sources. "Safety and Security are top priorities for oil & gas operators. Data analytics allied with IoT platforms have become

The Fastest-Growing Mobile Opportunity in 2022

The number of mobile communication subscriptions worldwide is currently estimated at 8 billion, with 6 billion on smartphone connections, from a user base of 5.9 billion unique subscribers among a global population of 7.9 billion. Fifth-generation (5G) mobile service subscriptions using a compatible device significantly grew during the COVID-19 pandemic, but 4G connections remain the dominant force within the global telecom service provider sector. While the use of mobile phones is common throughout developing nations, 4G services are still an emerging technology in many parts of the world. Overall, 5G subscriptions will likely grow from 580 million at the end of 2021 to 3.5 billion by the end of 2026. 5G Mobile Market Development According to the latest worldwide market study by Juniper Research, revenue generated from 5G mobile services will reach $600 billion by 2026 -- representing 77 percent of global network operator-billed revenue. The adoption of 5G services across consumer and

2022 Tech Trends Outlook: What Happens Next?

This year may very well be another period of unprecedented challenges and opportunities. In 2022, several highly anticipated technology-related advancements will NOT happen, according to the predictions by ABI Research. Their analysts identify many trends that will shape the technology market and some others that, although attracting huge amounts of pundit speculation and commentary, are less likely to advance rapidly over the next twelve months. "The fallout from COVID-19 prevention measures, the process of transitioning from pandemic to endemic disease, and global political tensions weigh heavily on the coming year's fortunes," said Stuart Carlaw, chief research officer at ABI Research . What Won’t Happen in 2022? Despite all the headlines and investments, the metaverse will not arrive in 2022 or, for that matter, within the typical 5-year forecast window. The metaverse is still more of a buzzword and vision than a fully-fledged end goal with a clearly defined arrival d