IT security spending is on the increase, study says

Security spending, as a percentage of IT budgets, is growing rapidly and is expected to peak in the United States in the next two years before settling to a sustainable level, according to a study released today by the Meta Group Inc., an information technology consulting firm in Stamford, Conn.

Analysts said spending on IT security is only now approaching adequate levels.

Average security spending among global 2,000 organizations is estimated currently at 3 to 4 percent of IT budgets. This is expected to reach levels of 8 to 12 percent before stabilizing around 5 to 8 percent.

Nailing down meaningful figures for security spending is difficult because expenditures are often not identified and they vary widely between business sectors and parts of the world.

'As a rule, the more regulated an industry or the more it lends itself to high volumes of electronic financial transactions over public networks, the more investment it requires in risk and information security management,' the report said.

Growth is expected to be fastest in the United States, where security issues have a high public profile, with Europe and developed Asia Pacific nations following at a slower pace. Spending in developing Asian countries is lagging.

Meta Group analysts estimate the appropriate investment for IT security to be from 3 to 8 percent of an organization's IT budget, depending on the value of electronic transactions and the level of trust in the parties involved. But just as important as the amount of money spent is how it is spent and the way it is tracked.

'Security teams must model overall investment to track parity with industry peers, and to account for the cost of satisfying business requirements for managing information risk,' analysts say.

About the Author

William Jackson is a Maryland-based freelance writer.


  • automated processes (Nikolay Klimenko/

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected