Enterprises advised to reduce IT security budgets

Businesses can afford to spend less on security, according to Gartner

IT teams are "safe" to reduce their security budgets this year, despite no let-off in the range and number of threats, according to Gartner.

The analyst firm said that the share of IT budgets set aside for security could be reduced from nine per cent to six per cent this year without having a negative impact on the smooth running of a business.

While all companies can afford to make this reduction thanks to maturing systems, those with an increased grasp of their hardware, or with recently updated security programmes, could trim their budgets by even more, Gartner added.

Vic Wheatman, a research director at Gartner, explained that the average percentage of IT spending on security in 2010 is five per cent, down from six per cent last year.

"In 2009, in the face of a significant IT spending downturn, security spending grew slightly as a percentage of the IT budget, while many other IT spending areas were gutted," he added.

"With the economic situation projected to improve in 2010, organisations are ramping up investments in other spending areas faster than they are for IT security."

However, Wheatman said that organisations will still spend money on systems and software offering endpoint security, next-generation firewalls, email and web security gateways and kit for branch offices.

"Determining how much a specific organisation spends on information security is not an easy exercise, particularly during a time of economic uncertainty," he said.

"However, regardless of industry or geography, we would urge organisations to use their best efforts to evaluate enterprise spending."

Gartner said that money should be spent on business initiatives which may have been scaled back during the financial slowdown. Typical areas for investment here include access management and data loss prevention systems.

More than 40 per cent of organisations identified intrusion prevention, patch management, data loss, anti-virus and identity management as the top five security priorities for 2010, according to Gartner.