Inside the IT Security Budget Paradox

 
 
By Michael Vizard  |  Posted 2015-06-30 Email
 
 
 
 
 
 
 
 
 
  • Previous
    1 - Inside the IT Security Budget Paradox
    Next

    Inside the IT Security Budget Paradox

    Despite a major increase in high-profile IT security breaches, the amount of time and money most organizations are allocating to security remains stagnant.
  • Previous
    2 - Where Control of the IT Security Budget Lies
    Next

    Where Control of the IT Security Budget Lies

    Respondents reported the CIO/CTO have control most often, at 37%, followed by business unit leaders, at 22%. Only 19% cited the IT security leader.
  • Previous
    3 - Who Decides How Much to Invest in IT Security?
    Next

    Who Decides How Much to Invest in IT Security?

    CIOs/CTOs again top the list (33%), followed by business unit leaders (31%) and the CFO at 13%. Only 10% cited the IT security leader.
  • Previous
    4 - IT Security as a Priority
    Next

    IT Security as a Priority

    Only 24% of respondents strongly agreed that their organization views security as one of the top two strategic priorities.
  • Previous
    5 - IT Security Budget Plans
    Next

    IT Security Budget Plans

    Nearly half (46%) said the IT security budgets increased in the past two years. In the next two years, 50% said it will increase. However, the same percentage of respondents (50 %) said their budgets are either flat (46%) or would actually decrease (4%).
  • Previous
    6 - Percentage of IT Budget Allocated to Security
    Next

    Percentage of IT Budget Allocated to Security

    On average, 8.2% of the IT budget, or $9.14 million, is allocated to security annually, and 9.2% of the IT security budget is allocated for activities related to new technologies (approximately $840,000).
  • Previous
    7 - How IT Security Budget Is Determined
    Next

    How IT Security Budget Is Determined

    Senior management determines the budget 39%, versus 32% who rely on an actual assessment. Most of the budget is used for staffing, according to 32% of respondents, followed by technologies and their maintenance (25%). Only 19% is allocated to managed or outsourced services.
  • Previous
    8 - IT Security Budgeting Process
    Next

    IT Security Budgeting Process

    Only 43% of respondents said their organizations' IT security budgets are adequate. More than half (53%) said the process is too complex.
  • Previous
    9 - IT Security Budgets in Terms of Compliance Mandates
    Next

    IT Security Budgets in Terms of Compliance Mandates

    More than half (58%) said they do not have sufficient resources to achieve compliance with security standards and laws.
  • Previous
    10 - An Absence of CXO  Security Involvement
    Next

    An Absence of CXO Security Involvement

    Nearly a third of respondents do not agree (34%) or are unsure (17%) that C-level executives are briefed on security priorities and investments in technology and personnel. Only 21% of respondents said the IT security budget is on the board's agenda.
  • Previous
    11 - The Great IT Security Disconnect
    Next

    The Great IT Security Disconnect

    Corporate leaders are more likely to view third-party mistakes or flubs, including those cloud providers made, as a serious threat (49%). The staff considers insecure Web applications (57%) and negligent insiders (56%) more serious threats.
  • Previous
    12 - IT Security Goals
    Next

    IT Security Goals

    The staff sees the minimization of downtime as the primary security objective (83%), while corporate leaders (72%) cite overall organizations' security posture. Only 8% of both groups believe providing cyber-security training for all employees should be a top security objective.
  • Previous
    13 - Most Vulnerable Elements of IT
    Next

    Most Vulnerable Elements of IT

    Nearly two-thirds (62%) said data in applications is most vulnerable, followed by third parties, such as cloud providers (57%) and mobile devices (44%).
  • Previous
    14 - Satisfaction With IT Security Investments
    Next

    Satisfaction With IT Security Investments

    On average, 37% of all investments in enabling security technologies did not meet expectations. What's more, 44% said they lack in-house expertise, followed by 32% citing vendor support issues. Another 32% pointed to higher-than-expected installation costs.
  • Previous
    15 - IT Security Technologies Deployed
    Next

    IT Security Technologies Deployed

    Most often deployed are anti-virus software (68%), followed by security incident and event management systems (SIEM) (63%) and identity and access management systems (57%).
  • Previous
    16 - Top Planned Beneficial IT Security Investments
    Next

    Top Planned Beneficial IT Security Investments

    Technologies that are both earmarked for purchase and economically beneficial are SIEM (53% and 63%) and encryption (52% and 45%).
  • Previous
    17 - Questionable IT Security Investments
    Next

    Questionable IT Security Investments

    84% said they are investing in intrusion-detection or intrusion-prevention systems. However, only 41% said it is a top-performing technology in terms of the economic benefits. Similarly, 72% said they are purchasing identity and access management systems, but only 57% said it is economically beneficial.
  • Previous
    18 - Maturity of IT Security Strategy
    Next

    Maturity of IT Security Strategy

    Only 18% of respondents said their companies' IT security program activities are fully deployed. A full 22% admitted to still being in an early stage.
 

Investments in IT security are starting to level off, largely because most organizations lack the internal expertise to master them, according to a recent global survey of 1,825 IT management and security professionals conducted by The Ponemon Institute on behalf of Dell SecureWorks. From a channel perspective, the most aggravating part of the these survey results is that only a quarter said IT security is a high priority, which may account for why only 19 percent of the IT security budget is allocated to managed or outsourced services. This has serious implications for the channel. The study suggests that much of the fault for this IT security disconnect lies with CIOs/CTOs and business unit leaders that exercise the most control over the IT security budget. In terms of greatest satisfaction with IT security technologies, the study finds that investments in security information event management (SIEM) and encryption appear to be providing the biggest bang for the buck. Channel Insider examines key takeaways from the study.

 
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
























 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date