CompTIA Research: IT Security Investments Immune to Cutbacks

• By Dian Schaffhauser
• 05/04/09

##AUTHORSPLIT##<--->

The majority of organizations expect to increase or maintain their IT security spending this year, according to a new international survey from the Computing Technology Industry Association (CompTIA). Forty-five percent of IT professionals in large organizations in the United States (500 or more employees) report planned increases in spending on IT security technologies in 2009 according to the survey, while 52 percent say they'll keep their budget at the 2008 level. In India and China the planned increases are even more significant. Strong majorities of Indian (68 percent) and Chinese (64 percent) firms expect to increase their spending on security in 2009.

CompTIA's annual "Trends in Information Security: an Analysis of IT Security and the Workforce" focuses on identifying trends in IT security, including quantifying spending and assessing the costs associated with IT security breaches. The association received responses from 1,500 IT professionals responsible for security at their organizations in a number of industries, including education, financial services, government, healthcare, and IT.

"Despite the cost cutting environment prevalent in many firms these days, one area of the budget appears to be off limits: IT security," said Tim Herbert, vice president of research. "IT security falls into the mission critical category of spending and firms that cut-back on resources or efforts devoted to thwarting security breaches do so at their own peril."

"Viruses, worms and spyware led the list of top security issues in 2008," Herbert explained. "But that is changing. As more workers utilize smartphones, notebook computers and social networking sites to engage with customers and staff, IT professionals must increasingly deal with a rapidly growing security perimeter, browser-based attacks, the loss of physical assets, and social networking threats."

Worldwide, concern over browser-based attacks increased 13 percent year-over-year to 58 percent. Social engineering threats leaped 11 points to 30 percent. In China, IT professionals voiced concern over data theft, which increased in importance from 52 percent in 2007 to 63 percent in 2008.