IT Security Spending to Swell in 2011 as Firms Target Compliance

Courtesy of TechEye.net

Spending on security for IT systems is set to grow substantially this year as almost half of organizations admitted they are not protected or even aware of threats.

There is an increasing focus on risk and compliance management as companies are under ever more pressure to protect customer and sensitive business information against a range of potential threats - such as cyber criminals.

According to the 2011 Risk and Compliance Outlook report from McAfee, increasingly tight compliance is demanded by national and regional government in the U.S. around security of information.

McAfee says the results illustrate how it is imperative that companies improve risk management through better identification of threats, vulnerabilities and countermeasures, as well as improving policy compliance through more automation of IT controls. According to the research:

46 percent of organizations plan to fork out extra cash this year in order to adequately meet expectations—with spending expected to rise 21 percent.

41 percent of organizations questioned were not conscious of security risks posed, or knowingly remained unprotected. Another 40 percent were unsure whether they would be able to fend off potential risks by using countermeasure products.

“Organizations are under increasing pressure to protect customer information and privacy, as well as their own sensitive business information, which is driving the need for a strong focus on risk and compliance management,” said Stuart McClure, senior vice president and general manager of risk and compliance for McAfee. The research also indicated that:

75 percent were not confident that they would pass a regulatory compliance audit, while more than half admitted they have already failed.

A further nine percent have already failed an audit that has resulted in a fine—from either the government or an industry—with 24 percent spending over $250,000 on auditors.

Over 40 percent of organizations get into “fire-fight mode” when a regulatory audit approaches, diverting critical resources away from strategic priorities.

Databases were considered one of the biggest challenges in terms of infrastructure compliance with regulations.

The report also noted that approximately half of companies are patching systems every week, and a similar number are over-protecting by patching everything.

For a copy, click the PDF button at top right.