CA Global Survey: Economic Downturn Drives Increased Spending on IT Security

Even as organizations adapt to the current global economic crisis […]

April 30, 2009

Even as organizations adapt to the current global economic crisis with cost-cutting and restructurings, they are making investments to strengthen IT security.

According to an independent global survey sponsored by CA, 42 percent of organizations anticipate an increase in budget for IT security, while 50 percent expect budgets to stay flat, and only eight percent anticipate a cut in their IT security budget. IT security budgets are being driven upward by the prospect of new regulations and a perception that restructurings will increase internal threats.

Already companies spend a significant amount of their IT security budget on compliance:

· On average, companies in North America spend 26 percent of their IT security budget on compliance initiatives, while companies in Asia Pacific spend 37 percent, and EMEA and South America spend 19 percent and 17 percent respectively.

· On average 78 percent of companies surveyed globally believe that new regulations and mandates will increase IT spending and efforts.

· Survey responses showed that security budgets correlate to how regulated the company is. For example, an organization that is highly regulated and must comply with 50 or more regulations, spends about 3.5 times more on IT Security than a company that is more lightly regulated with fewer than 10 mandates.

“The need for companies to have the security systems, processes and reporting structures in place to help them verify compliance has always been one of the strongest drivers for security software such as identity and access management, security information management and data loss prevention,” said Lina Liberti, vice president of marketing, CA Security Management. “Despite the need to cut costs, organizations continue to invest security tools that will help them automate labor-intensive, manual compliance procedures such as reporting, deprovisioning users’ entitlements, and removal of orphan accounts. The goal is to automate compliance systems to reduce errors that can result in audit failures while demonstrating the value in an IT security investment more quickly through streamlined processes.”

The economy also has forced many companies to restructure their organizations, which has often resulted in layoffs. Sixty-seven percent of mid-market companies and 73 percent of enterprise organizations believe that layoffs have increased the internal threat to IT systems.

Whether a security incident is caused by an internal or external threat, the impact on an organization in dollars and cents is significant, and it has an effect on security spending:

· According to survey respondents, security incidents at companies in North America report an average loss of nearly $418,000, with the majority of them reporting losses of more than $500,000. The real number is likely greater when factoring in lost time identifying and remediating the breach, and the damage to corporate reputation.

· Survey respondents that reported an increase in IT security spending also reported a higher number of internal and external incidents.

The CA-sponsored study surveyed more than 400 IT directors or above from large and mid-sized enterprises representing companies headquartered in North America, Europe, Asia Pacific and South America. The study also included qualitative feedback from focus groups and in-depth interviews of IT security directors or above in the United States, United Kingdom and Germany.
Read the report, which includes survey statistics and quotes from focus group and interview participants

The survey was conducted by GMG Insights, which provides analysis, research and strategy service to companies with complex business-to-business sales.

Watch video

In the same category