Security budgets are falling, finds survey

Despite the growth of malware threats and bot-driven spam, many businesses reduced their IT security budgets in 2008, a Deloitte survey has found.

Share

Despite the growth of malware threats and bot-driven spam, many businesses reduced their IT security budgets in 2008, a Deloitte survey has found.

Six out of ten companies are falling behind on securityThe Deloitte 2009 Global Security Survey polled more than 200 information security officers in the high-tech, media and telecom sectors. It found that 32 percent face reduced information-security budgets.

Yet about 60 percent of businesses surveyed claim they are falling behind on keeping up with security, or at least catching up to security standards overall

Information security managers are also less inclined to invest in new security technologies as early adopters than they were in 2007, the last time the survey was undertaken.

Previously, 67 percent of respondents "considered themselves early adopters of security technology," the report states, while that number has dropped to 53 percent. The Deloitte survey concludes information security managers in high-tech, media and telecom face increased pressures of "reduced security investment and increased focus on keeping the day-to-day business up and running."

"Thirty-two percent of them said they had reduced security budgets, though there were no details," says Irfan Saif, principal in Deloitte's enterprise risk services, about the 2009 Global Security Survey.

While 25 percent of survey respondents did say they were seeing their security budgets raised, the increase was less than 5 percent.

"Sixty percent said they feel they're falling behind or still just catching up," Saif says, adding that social-networking technologies and regulatory concerns rank among the main worries of information security managers polled in the survey.

The survey also showed that only 28 percent felt confident they were protected by internal attacks caused by insiders.

Moreover, the position of "privacy officer" (sometimes "chief privacy officer", whose job is to ensure an organisation's data-management processes conform to established law and preferred corporate practices) also appears to be in some decline among the companies questioned about it.

The previous Deloitte survey of the high-tech, media and telecom industry showed that half of the companies responding did have "an executive responsible for privacy," but this year's survey showed a decrease of 6% from that.