In-Depth

Security Trends: Spending Set to Surge, Responsibility Shifts Outside IT

Forrester says IT security is in a "renaissance period"

• By Stephen Swoyer
• 09/16/2008

Spending in many IT sectors might be slowing down, but security-related IT spending has been and should continue to be bullish.

That's the conclusion of a new Forrester survey, which found that more than one-fifth of respondents (21 percent) anticipate growing their IT security budgets next year. The vast majority of respondents (almost three-quarters) don't expect to make any change to their security budgets – which isn't exactly heartening -- but only 6 percent anticipate reducing their IT security spend levels.

Forrester says it polled more than 1,200 North American security decision-makers, in both large enterprise organizations and SMB shops. It identified an unmistakable trend: security spending is on the rise, with year-over-year growth from 2007 to 2008 approaching 25 percent. Last year, for example, security spending comprised 8 percent of overall IT operating budgets; this year, Forrester projects, security-related IT spending should account for 10 percent.

As security spending – and presumably security -- has increased, so, too, has the stature of security professionals. Almost half of security pros now report to someone outside of IT -- e.g., a board, C-level executive, or executive committee.

The upshot, Forrester says, is that "security is no longer embedded within IT."

When it comes to security priorities, data protection is key: more than half of IT security pros identified the protection of intellectual property and/or customer data as their top priority. Business continuity (BC) and disaster recovery (DR) planning is also important: 42 percent of security pros said BC and DR were "very important" -- a sharp spike from last year's 33 percent.

Forrester principal analyst Khalid Kark says IT security is in the midst of a "renaissance period" in which its influence and stature are expanding.

"We are in a period of immense change in which we have the opportunity to define the future of our profession," said Kark, in a statement. "Security and Risk professionals are faced with a rapidly changing technology landscape and business environment. To achieve success in the role today, they need to be open to new ideas and embrace change."