February 19, 2015

Information Security Program: Does the Budget Match the Risks?

Security budget stats are confusing. While the frequency and cost of data security incidents are up, some research shows information security program spending is down.

According to PwC’s Global State of Information Security Survey 2015, the reported number of security incidents in 2014 rose 48% to 42.8 million. At the same time, it showed global security budgets fell by 4% compared to 2013.

Interestingly, IT research firm Gartner Inc. said that security spending in 2014 would increase almost 8% compared to the previous year, to $71.1 billion. Furthermore, the Gartner forecast showed that total information security spending will grow another 8.2% in 2015 – and reach $76.9 billion.

How come these numbers don’t add up?

Rob Cotton, who heads a security consulting company called NCC Group, may have the answer. In an online article, he says security spending has become entwined in many areas of business.

“Traditional information security and risk management are only a few areas of security,” he said. “It has become more pervasive and is now embedded within numerous business functions, processes and operations... meaning spending is often taken from multiple budgets in a de-centralized fashion without being itemized as cyber security.”

Here are key areas in any workplace where security budget allocations are needed:
