IT security budgets on the rise

Financial losses from attacks on corporate networks and employees are rising

Three out of five IT professionals plans to increase spending on security over the coming year, according to a study by Cisco.

A two-part study on the impact of remote workers on corporate security polled 2,000 remote workers and IT professionals from various industries in the US, UK, France, Germany, Italy, Japan, China, India, Australia and Brazil.

Nearly two-thirds indicated that they will increase security-related spending in 2008, more than half of whom will increase security investments by more than 10 per cent on the previous year.

Cisco said that one of the main drivers behind the increase is financial losses from attacks on corporate networks and employees, including those who work outside the office.

The highest percentage of IT decision makers who plan to boost spending are in nations that are relative newcomers to widespread IP-based corporate networking.

China, India and Brazil had the highest number of IT decision makers planning to increase spending in general, and the largest percentage who will increase security investments by more than 10 per cent year over year.

The study suggests that risky behaviour from remote workers, such as opening suspicious emails, hijacking wireless networks or sharing corporate devices with non-employees, is much more extensive in China, India and Brazil than in nations with a longer history of corporate internet use.

"During the past few years, virus attacks caused the most damage in countries where internet adoption was greatest," said John Stewart, chief security officer at Cisco.

"As new countries increase adoption, those that drive the new internet growth can learn from others to understand the inherent security challenges, especially those who use the internet to shop or work remotely.

"For multinational corporations and the IT departments that support them, understanding their employees' level of security awareness and experience is key in fostering tighter relationships, building trust and administering effective education that will ultimately help to protect the enterprise."

Stewart added that companies need to take a considered and practical approach to protecting their assets and employees, and to prevent spending on reactive security fire-fighting.

"Businesses need firewalls, virtual private networks and data protection technologies," concluded Stewart.

"The challenge is how to minimise other costs that could have been prevented through sustained education of employees, such as managing malware outbreaks and data theft.

"Increasing employee awareness through sustained education reduces threats, attacks and the painful price tags they typically carry."