Company size has a direct bearing on security spending
strategy according to
a
new survey from Forrester based on over 2,000
security decision makers at North American and European enterprises
and small to medium sized businesses (SMBs) that found, pro rata,
SMBs are outspending their larger counterparts on security
technology.
In general, Forrester found the three top challenges facing IT
security programs at all companies as being lack of budget, lack of
in-house skills and workload issues.
But even though these were common problems, the way in which
they were addressed depended on size. Specifically, where
enterprises devote 7% of their IT budget on security technology,
SMBs typically spend around 9%. Conversely enterprises are spending
more on security staffing and less on security technology than
SMBs. In addition, nearly two thirds of enterprise IT security
programs have some degree of reporting, direct or indirect, outside
of IT.
Furthermore, the survey identified a number of leading areas of
focus for security programs such as the shoring up of protection of
customer data and the building out of business continuity and
disaster recovery capabilities, followed by compliance.
Eight in ten respondents indicated that data/mobile protection
was an important or very important issue facing them in 2008 and
77% indicated business continuity/disaster recovery was important
or very important.
In addition to differences related to company size, there were
also specific geographic patterns of behaviour. European
enterprises tended to view IT
governance, risk, and compliance (GRC) initiatives as more
challenging to them than do North American companies.