Home  › Stats › Audience/Traffic

Increased Security Spending Includes Personnel

  |  March 27, 2002   |  Comments

Security spending at most organizations accounts for somewhere between 2 and 20 percent of the total IT budget, according to research from Giga Information Group, Inc., and more of this money is being spent on personnel.

Security spending at most organizations accounts for somewhere between 2 and 20 percent of the total IT budget, according to research from Giga Information Group, Inc., and more of this money is being spent on personnel.

During the past year, Giga found that organizations appeared to appropriate larger portions of the budget for senior security managers, including chief security officers (CSOs) than before. Spurred by Sept. 11 and a heightened awareness of the need for security, the time of "jungle rules" for security management is at an end.

"To reevaluate the state of internal security, security managers need to understand what skills and salary levels are needed for security personnel, as well as how to structure the entire team," said Giga Vice President Steve Hunt. "How these teams are built depends heavily on the size and complexity of the organization, but most importantly, on the company's risk tolerance."

Giga's research found that CSOs working in financial services earn significantly higher salaries – up to $400,000 annually plus bonuses – than their counterparts in telecom, utilities and manufacturing.

"Given the newness of the position, there is still little uniformity around how the CSO is compensated," Hunt said.

CSOs in financial services reporting directly to the CIO make between $125,000 and $270,000, while those reporting to business executives (CFOs, COOs, etc.) may earn as much as $400,000, plus a 15 percent to 25 percent bonus. CSOs in telecom, utilities and manufacturing that commonly report to executives two levels below the CIO earn about $70,000 to $90,000 per year, plus a 15 percent bonus. This is closely matched by CSOs from the science-business sector, where CSOs may earn as much as $100,000 but can expect somewhat smaller bonuses, at 10 percent to 15 percent.

According to Hunt, there are three possible outcomes for risk management: Accept the risk, assign the risk or mitigate the risk.

"The extent to which you choose mitigation and the complexity of your IT infrastructure's applications portfolio will ultimately dictate the size and depth of your internal security program," Hunt said. "The tolerance for risk, more than anything else, dictates the resources that will be needed for the security organization."

Large non-tech manufacturers, for example, usually rate themselves as very risk-tolerant, while large banks rate themselves as very risk-intolerant and financial trading institutions, large hosting services and defense contractors usually behave with zero-tolerance for risk. Giga's research shows risk tolerance is getting lower.

"High-profile companies or organizations associated with national infrastructure are lowering their risk tolerance measurably and increasing their security budgets similarly as a result of the current threat climate," Hunt said.

Malicious code infection (also known as a virus) remains the most common security threat. According to the 7th Annual ICSA Labs' Virus Prevalence Survey (ICSA is an independent division of managed security services provider TruSecure Corp.), despite increased spending on security, the rate of malicious code infection continues to rise.

The survey gathered data from 300 companies and government agencies to describe the virus problem in computer networks, including desktop computers. Gantz-Wiley Research, Network Associates, Panda Software and Symantec Corp. sponsored the study.

Among the virus trends the study found taking shape in 2002:

  • An increase in the number of multiple vector threats similar to Nimda, more worms and viruses will attempt to exploit vulnerabilities in multiple vectors.

  • The proliferation of host-based threats-worms such as Code Red and Nimda show a trend of malicious code that infect and propagate through Internet host computers.

  • The creation and continuation of factors that contribute to rising infection rates. These include new virus types, increased use of multiple email programs, new replication vectors and expanded forms of connectivity.
"Although companies are spending more money and applying more technology to the problem of viruses and worms than ever before, malicious code is keeping pace," said Peter Tippett, chief technologist at TruSecure Corp. "Organizations need to examine their security policies and practices to ensure they are getting the most out of their existing resources. At the same time, antivirus vendors need to provide more heuristic tools and software vendors must offer more secure applications."

The survey also found that the average company spends between $100,000 and $1,000,000 in total ramifications per year for desktop-oriented disasters (both hard and soft costs). In addition to being more prevalent, computer viruses were more costly, more destructive and caused more real damage to data and systems than in the past. File corruption and data loss are becoming much more common, although loss of productivity continues to be the major cost associated with a virus disaster.

Organizations are also responding to increased threats by increasing their spending on security software. According to Dataquest, Inc. the worldwide security software market is expected to reach $4.3 billion in 2002, a 18 percent increase over revenue of $3.6 billion in 2001 (see More IT Dollars Headed to Security).

The telecommunications and communications industries led the way in security spending in 2001. But in 2002, with security a front page issue, government, education, IT and financial services are expected to increase security software spending while telecommunications, communications and services are projected to cut back.

ClickZ Live San Francisco This Year's Premier Digital Marketing Event is #CZLSF
ClickZ Live San Francisco (Aug 11-14) brings together the industry's leading practitioners and marketing strategists to deliver 4 days of educational sessions and training workshops. From Data-Driven Marketing to Social, Mobile, Display, Search and Email, this year's comprehensive agenda will help you maximize your marketing efforts and ROI. Register today!

ABOUT THE AUTHOR

COMMENTSCommenting policy

comments powered by Disqus

ClickZ Stats delivers stats headlines to your inbox twice a week. Subscribe today!

COMMENTS

UPCOMING EVENTS

Featured White Papers

BigDoor: The Marketers Guide to Customer Loyalty

The Marketer's Guide to Customer Loyalty
Customer loyalty is imperative to success, but fostering and maintaining loyalty takes a lot of work. This guide is here to help marketers build, execute, and maintain a successful loyalty initiative.

Marin Software: The Multiplier Effect of Integrating Search & Social Advertising

The Multiplier Effect of Integrating Search & Social Advertising
Latest research reveals 68% higher revenue per conversion for marketers who integrate their search & social advertising. In addition to the research results, this whitepaper also outlines 5 strategies and 15 tactics you can use to better integrate your search and social campaigns.

WEBINARS

Jobs

    • Interactive Product Manager
      Interactive Product Manager (Western Governors University) - Salt Lake CityWestern Governors University, one of the 20 largest universities...
    • SEO Senior Analyst
      SEO Senior Analyst (University of Phoenix (Apollo Education Group)) - San FranciscoSEO Senior Analyst   Position Summary...
    • SEM & Biddable Media Manager
      SEM & Biddable Media Manager (Kepler Group LLC) - New YorkAs an Optimization & Innovation Manager at Kepler Group, you will be on the bleeding...