
Increased Security Spending Includes Personnel

March 27, 2002

Security spending at most organizations accounts for somewhere between 2 and 20 percent of the total IT budget, according to research from Giga Information Group, Inc., and more of this money is being spent on personnel.

During the past year, Giga found that organizations appeared to appropriate larger portions of the budget for senior security managers, including chief security officers (CSOs), than before. Spurred by Sept. 11 and a heightened awareness of the need for security, the time of "jungle rules" for security management is at an end.

"To reevaluate the state of internal security, security managers need to understand what skills and salary levels are needed for security personnel, as well as how to structure the entire team," said Giga Vice President Steve Hunt. "How these teams are built depends heavily on the size and complexity of the organization, but most importantly, on the company's risk tolerance."

Giga's research found that CSOs working in financial services earn significantly higher salaries – up to $400,000 annually plus bonuses – than their counterparts in telecom, utilities and manufacturing.

"Given the newness of the position, there is still little uniformity around how the CSO is compensated," Hunt said.

CSOs in financial services reporting directly to the CIO make between $125,000 and $270,000, while those reporting to business executives (CFOs, COOs, etc.) may earn as much as $400,000, plus a 15 percent to 25 percent bonus. CSOs in telecom, utilities and manufacturing, who commonly report to executives two levels below the CIO, earn about $70,000 to $90,000 per year, plus a 15 percent bonus. This is closely matched by CSOs from the science-business sector, where CSOs may earn as much as $100,000 but can expect somewhat smaller bonuses, at 10 percent to 15 percent.

According to Hunt, there are three possible outcomes for risk management: Accept the risk, assign the risk or mitigate the risk.

"The extent to which you choose mitigation and the complexity of your IT infrastructure's applications portfolio will ultimately dictate the size and depth of your internal security program," Hunt said. "The tolerance for risk, more than anything else, dictates the resources that will be needed for the security organization."

Large non-tech manufacturers, for example, usually rate themselves as very risk-tolerant, while large banks rate themselves as very risk-intolerant, and financial trading institutions, large hosting services and defense contractors usually behave with zero tolerance for risk. Giga's research shows risk tolerance is getting lower.

"High-profile companies or organizations associated with national infrastructure are lowering their risk tolerance measurably and increasing their security budgets similarly as a result of the current threat climate," Hunt said.

Malicious code infection (also known as a virus) remains the most common security threat. According to the 7th Annual ICSA Labs' Virus Prevalence Survey (ICSA is an independent division of managed security services provider TruSecure Corp.), despite increased spending on security, the rate of malicious code infection continues to rise.

The survey gathered data from 300 companies and government agencies to describe the virus problem in computer networks, including desktop computers. Gantz-Wiley Research, Network Associates, Panda Software and Symantec Corp. sponsored the study.

Among the virus trends the study found taking shape in 2002:

  • An increase in the number of multiple-vector threats similar to Nimda: more worms and viruses will attempt to exploit vulnerabilities in multiple vectors.

  • The proliferation of host-based threats: worms such as Code Red and Nimda show a trend of malicious code that infects and propagates through Internet host computers.

  • The creation and continuation of factors that contribute to rising infection rates. These include new virus types, increased use of multiple email programs, new replication vectors and expanded forms of connectivity.

"Although companies are spending more money and applying more technology to the problem of viruses and worms than ever before, malicious code is keeping pace," said Peter Tippett, chief technologist at TruSecure Corp. "Organizations need to examine their security policies and practices to ensure they are getting the most out of their existing resources. At the same time, antivirus vendors need to provide more heuristic tools and software vendors must offer more secure applications."

The survey also found that the average company spends between $100,000 and $1,000,000 in total ramifications per year for desktop-oriented disasters (both hard and soft costs). In addition to being more prevalent, computer viruses were more costly, more destructive and caused more real damage to data and systems than in the past. File corruption and data loss are becoming much more common, although loss of productivity continues to be the major cost associated with a virus disaster.

Organizations are also responding to increased threats by increasing their spending on security software. According to Dataquest, Inc., the worldwide security software market is expected to reach $4.3 billion in 2002, an 18 percent increase over revenue of $3.6 billion in 2001 (see More IT Dollars Headed to Security).

The telecommunications and communications industries led the way in security spending in 2001. But in 2002, with security a front-page issue, government, education, IT and financial services are expected to increase security software spending while telecommunications, communications and services are projected to cut back.
