IT Security Spending Expected to Increase for Enterprises, SMBs

Two new reports from Forrester Research project that roughly 40 percent of enterprises and small and midsize businesses plan to increase their IT security budgets in 2010.

The reports, released Jan. 25, found other commonalities: A large percentage of both groups expect spending on network security to increase and have declared data security "critical." According to Forrester's "The State of Enterprise IT Security and Emerging Trends 2009 to 2010" report, 40 percent of the enterprises surveyed plan to increase spending on network security by 5 percent or more; 34 percent said the same for risk and compliance management.

In Forrester's sister report, "The State of SMB IT Security and Emerging Trends 2009 to 2010," 36 percent of SMBs surveyed expected network security spending to increase 5 percent or more, with about one-fourth of those increasing it by 10 percent or more.

"Network security has always been the biggest area of [spending]," Forrester analyst Jonathan Penn told eWEEK. "One reason it's seeing such strong growth [is] because the escalated attention to vulnerabilities and threats is causing organizations to enhance their network-level detection. Another is that, with the concern about insider incidents (both malicious and inadvertent) rising, the network is a natural focus for additional security controls that monitor for such activities—there is a continued reluctance to deploy tighter controls on the desktop because of the sensitivity to end-user impact."

Eighty-nine percent of enterprise respondents and 84 percent of SMB respondents said data security was a critical or high priority. Both groups also expressed concern about the implications of smartphones and Web 2.0 social media on their environments.

"More SMBs (40 percent) noted their concerns about smartphones than any other technology we asked about, with 34 percent citing concerns about Web 2.0 next," the SMB report said. "The concerns over the risks associated with such consumerization trends ranked higher even than concerns over cloud computing (32 percent) or data center virtualization (30 percent). This is likely because from a security perspective, consumerization represents a greater loss of control oversight of the computing infrastructure, whereas cloud and virtualization merely represent a changing management paradigm."

Both enterprises and SMBs are also looking to outsource security to find better protection. The areas that most interested respondents were e-mail filtering and vulnerability assessment. Forty-six percent of the enterprise respondents said they were "very interested" or "somewhat interested" in vulnerability assessment managed services. For SMBs that number was 51 percent.

For SMBs, expertise and not cost was the most important factor when considering managed services. Sixty-six percent cited quality protection as an important factor in their decision to adopt managed security, while 48 percent cited cost reduction.

The Forrester reports were based on data from a survey of security decision makers from more than 2,000 organizations.