Skip to main content

A Global Exploration of IT Security Budget Trends

Chief Information Security Officers (CISOs) have updated their IT security plans for 2017, due to ongoing concerns about new threats. Worldwide, IT organizations currently spend an average of 5.6 percent of their IT budget on IT security, according to the latest market study by Gartner.

However, the study uncovered that security spending can range from 1 to 13 percent of an organization's overall IT budget.

"Clients want to know if what they are spending on information security is equivalent to others in their industry, geography and size of business in order to evaluate whether they are practicing due diligence in security and related programs," said Rob McMillan, research director at Gartner.

That said, Gartner analysts believe that comparisons with industry averages are of limited value. CISOs could be spending at the same level as the peer group, yet be spending on the wrong things and are therefore vulnerable.

IT Security Market Development

According to the Gartner assessment, vendors could benefit, because the majority of organizations will continue to use average IT security spending figures as a proxy for assessing their security posture through 2020.

Without the context of business requirements, risk tolerance and satisfaction levels, the metric of IT security spending, by itself, doesn't provide valid comparative information that should be used to allocate resources.

Moreover, IT spending statistics alone do not measure IT effectiveness. They're not a gauge of successful IT organizations. They simply provide a view of average costs, without regard to complexity or demand.

Any statistics on explicit security spending are inherently soft, because they understate the true magnitude of enterprise investments in IT security -- since security features are being incorporated into hardware, software, activities or initiatives not specifically dedicated to security.

That's why many organizations do not know their real security budget. It's partly because few cost accounting systems break out security as a separate line item, and many security-relevant processes are carried out by staff who are not devoted full-time to security.

Gartner also believes that, in most instances, the CISO does not have insight into security spending throughout the enterprise.  Moreover, the very secure organizations can spend less than average on security as a percentage of their IT budget.

The lowest-spending 20 percent are composed of two distinctly different types of organizations. Un-secure organizations that under-spend, and secure organizations that have implemented best practices for IT security that reduce the overall complexity of their IT infrastructure by limiting security vulnerabilities.

Outlook for IT Security Spending Trends

According to Gartner, organizations should be spending between 4 and 7 percent of their IT budgets on IT security -- lower in the range if they have mature systems, higher if they are wide open and at risk. This represents the budget under the control and responsibility of the CISO, and not the "real" or total budget.

To demonstrate due care in information security, organizations must also assess their risks and understand both the CISO's security budget and the "real" security budget found in the complicated range of accounts that may not capture all security spending.

"A CISO who has knowledge of all of the security functions taking place within the organization as well as those that are necessary but missing and the way in which those functions are funded, is likely to use indirectly funded functions to greater advantage," McMillan concluded.

Popular posts from this blog

Global Digital Business and IT Consulting Outlook

Across the globe, CEOs and their leadership teams continue to seek information and guidance about planned Digital Transformation initiatives and the most effective enterprise organization change management practices. Worldwide IT and Business Services revenue will grow from $1.13 trillion in 2022 to $1.2 trillion in 2023 -- that's a 5.7 percent year-over-year growth, according to the latest market study by International Data Corporation (IDC). The mid-term to long-term outlook for the market has also increased -- the five-year CAGR is forecast at 5.2 percent, compared to the previous 4.9 percent. Digital Sevices & Consulting Market Development IDC has raised the growth projection despite a weak economic outlook, because of vendor performances across 2022, growth indicators from adjacent markets, increased government funding, and inflation impacts. The actual 2022 market growth was 6.7 percent (in constant currency), which was 87 basis points higher than forecast last year, alth

Why Instant Issuance Payment Cards Evolved

The global financial services sector continues to grow as more progressive organizations seek to gain a meaningful competitive advantage from their digital transformation initiatives. Across the globe, many regions are seeing a significant rise in 'instant issuance' activity from a physical and digital perspective, from both traditional and emerging innovative banking institutions. Digital Payments Market Development Customers increasingly demand instant access to banking services, with physical instant issuance enabling them to leave their branch equipped with a ready-to-go payment card. According to the latest worldwide market study by ABI Research, the market for instantly issued physical payment cards will increase from 243.2 million shipments in 2022 to a forecast of 471.1 million in 2027. "Critically, instant issuance of payment cards is no longer limited to the physical," said Sam Gazeley, industry analyst at ABI Research . Indeed, the growing digitization of p

Digital Talent Demand Exceeds Supply in Asia-Pac

Even the savviest CEO's desire for a digital transformation advantage has to face the global market reality -- there simply isn't enough skilled and experienced talent available to meet demand. According to the latest market study by IDC, around 60-80 percent of Asia-Pacific (AP) organizations find it "difficult" or "extremely difficult" to fill many IT roles -- including cybersecurity, software development, and data insight professionals. Major consequences of the skills shortage are increased workload on remaining digital business and IT employees, increased security risks, and loss of "hard-to-replace" critical transformation knowledge. Digital Business Talent Market Development Although big tech companies' layoffs are making headlines, they are not representative of the overall global marketplace. Ongoing difficulty to fill key practitioner vacancies is still among the top issues faced by leaders across industries. "Skills are difficul