Security budgets rise despite recession
In this time of budget cutting, some businesses are actually increasing their IT security spending.
The recession could lead to an increase in security budgets, despite budgets falling elsewhere.
Dr Paul Dorey, independent consultant and the former chief security officer for BP, told IT PRO that the recession has affected security budgets much less than might have been expected.
Following a survey with 60 chief security officers (CSOs), his independent consulting firm CSO Confidential reported that security budgets were actually going up rather than down. When CSOs did see reductions, they weren't anywhere near as much as their partners had seen.
That trend was made apparent by one of the biggest security companies in the world, as McAfee reported higher-than-expected quarterly profit, which Reuters said was due to viruses and malware increasingly flooding the market.
Dorey explained that the threats that businesses had to deal with were increasing, which meant that they had to step up their security to protect themselves.
Companies were also facing increased regulatory attention and a much greater focus on compliance.
He mentioned banks as an example: "They've had a hard time over credit risks, but there are other risks they have to manage, and security and operational risks are amongst those."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
He said: "Some businesses have decided that they can't afford to take another hit. It's bad enough to be challenged on one front, so they're not going to walk away from a risk problem on another and cause themselves difficulty."
Dorey advised chief information officers (CIOs) to spend serious time with security and risk managers, so that they all understand the problems they face. He added that people were an important part of the IT security link, in a theme called "security capability management."
He said: "It's about making sure that people who were badged as security professionals actually become better developed as professionals so they can have more executive conversations."