Spending on security-related technology was expected to increase over the next couple of years, levelling off at 5 percent to 8 percent of the IT budget of global 2000 companies, a market-research firm has said.
Security spending takes up from 3 percent to 4 percent of IT budgets today, the Meta Group said in a report released this week on calculating information-security spending.
That amount, however, was expected to increase at a compound annual growth rate of between 8 percent and 10 percent through 2006, before reaching a plateau.
The rate of spending was expected to be slower in the Asia-Pacific region than in the US, with a 5 percent to 7 percent CAGR versus a 10 percent CAGR. This figure was for mature economies, such as Singapore, Japan, Australia, and South Korea. Security spending in developing countries, such as Malaysia, Thailand, and Philippines, was only starting.
In general, information security doesn't have metrics for return on investment that's been adopted across industries.
A chief financial officer typically defines ROI as dollars spent balanced by additional revenue or accrued profit, but 'security doesn't generate revenue or improve profits in a predictable manner,' Meta analyst Chris Byrnes said.
Therefore, Meta recommended that companies looked to best practices in their industry as a way to determine how much they should spend as a percentage of their IT budgets.
'As a starting point for analysis, organisations should look at what other companies in the same industry are spending as a percentage of their budgets, and then adjust up or down from that number, depending on how comfortable they are with risk,' Byrnes said.
In general, percentages were expected to be higher among smaller organisations than at very large companies of, say, more than 50,000 users, Meta said. The above averages would typically be found in organisations with 5000 to 10,000 users.
The rate of spending in Europe was expected to be similar to that of Asia-Pacific -- 5 percent to 7 percent CAGR -- Meta said. The major reasons were the lower intensity of publicity regarding cyber-crime and compliance issues.
Within verticals, the more regulated industries and those that conducted a lot of electronic financial transactions over the public internet were expected to continue spending more on security.
Copyright © 2004 CMP Media LLC
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
