Firms with mature IT security practices could begin to reap the rewards of their hard work and scale back their security spending by 3-4% by 2008, according to Gartner research.
But those firms that have under-invested in security or have inefficient working practices may need to spend 8% or more of their precious IT budget on security.
Rich Mogull, research vice president at Gartner, says the key is to target security spending efficiently, including putting the right policies in place.
“The message to be conveyed is not ‘we need more security’ but rather ‘we need more security process’. Security now has executive attention and we need to treat it as a business issue, not just a technology problem.”
Gartner’s Hype Circle report on security technologies, designed to help business executives decide where to allocate their security budgets, points to some changes in the security market.
One major change is that commodity security products such as host firewalls, antivirus, anti-spam and basic host intrusion prevention are converging into single packages, reducing complexity.
Compliance is also a major influence, says Mogul. “Compliance with government and industry regulations are now playing a significant role in security spending decisions.”