Company size has a direct bearing on security spending strategy according to a new survey from Forrester based on over 2,000 security decision makers at North American and European enterprises and small to medium sized businesses (SMBs) that found, pro rata, SMBs are outspending their larger counterparts on security technology.
In general, Forrester found the three top challenges facing IT security programs at all companies as being lack of budget, lack of in-house skills and workload issues.
But even though these were common problems, the way in which they were addressed depended on size. Specifically, where enterprises devote 7% of their IT budget on security technology, SMBs typically spend around 9%. Conversely enterprises are spending more on security staffing and less on security technology than SMBs. In addition, nearly two thirds of enterprise IT security programs have some degree of reporting, direct or indirect, outside of IT.
Furthermore, the survey identified a number of leading areas of focus for security programs such as the shoring up of protection of customer data and the building out of business continuity and disaster recovery capabilities, followed by compliance.
Eight in ten respondents indicated that data/mobile protection was an important or very important issue facing them in 2008 and 77% indicated business continuity/disaster recovery was important or very important.
In addition to differences related to company size, there were also specific geographic patterns of behaviour. European enterprises tended to view IT governance, risk, and compliance (GRC) initiatives as more challenging to them than do North American companies.