Spending on security remains strong with 44 percent of enterprise security managers expecting to increase their budget in the next 90 days, according to 451 Research’s latest quarterly study.
The survey-driven report, derived from 800-1,500 customer surveys and 25 in-depth interviews with senior security professionals, found just 4 percent of enterprises are decreasing security spending.
"When it comes to information security spending, I guess the most important thing to note first is that the majority of budget increases are termed as slight increases with only 9.7 percent of respondents stating they are making significant increases to their security budget," Daniel Kennedy, research director for information security at 451 Research told eWEEK. "According to narrative commentary, the majority of budget increases are applied to increasing people costs--hiring, third-party--and further investment in the cost of security tools."
Kennedy also noted very few approaches to information security are being abandoned--as an example, while people acknowledge that anti-virus or traditional endpoint security falls short of effectiveness goals in stopping endpoint malware infections, especially in relation to its cost, almost no one is turning it off.
"While it isn’t sexy in terms of bleeding edge new products, we see established but not fully penetrated technologies like data leakage prevention, security information and event management, mobile device management as a security effort, and incident response and forensics capturing percentages of respondents who stated that significant spending is allocated to their new or further implementation," he explained.
While security budgets are stable or increasing for almost all organizations, security managers reported significant obstacles in fully realizing the benefits of SIEM solutions because of lack of staff expertise (44.4 percent) and inadequate staffing (27.8 percent).
The survey also found 41 percent of respondents noted hackers with malicious intent as their top security concern over the past 90 days, followed by navigating compliance requirements (37 percent).
As a consequence, 23 percent of security managers noted that compliance requirements were a key driver in getting projects approved, second only to risk assessment, cited by 25 percent of respondents.
"The migration of tools to increasingly virtualized server environments opened up opportunities for certain vendors who were faster to adapt traditional security capabilities to virtualization than established incumbents," Kennedy said. "That trend will continue to be the case as many enterprise architectures become more cloud-like. Even in the case of in-house private clouds, some security technologies designed to work in traditional IT stacks will undergo changes or fall by the wayside to vendors willing to adapt their capabilities."