4/27/2009
05:55 PM

Security Suffers Cuts In Recession, But Fares Better Than The Rest Of IT

Layoffs, cutbacks aren't as painful in security, but they are happening, studies say

Security might still be a haven from the budget ax, but some cracks are definitely appearing around the door, according to several studies published last week at the RSA Conference in San Francisco.

More than 70 percent of IT security professionals said they have been forced to cut their budgets during the past six months to adjust for the economic downturn, according to a report released by (ISC)2, an association of security professionals. Approximately half of the respondents said they have made at least one layoff in the security department.

The data runs counter to several other studies published earlier this year, in which most security professionals had said their spending would hold steady or increase in 2009. "The current economic conditions have had an effect on all professions, including information security," said Lee Kushner, president of LJ Kushner & Associates, a national IT recruiting firm.

The data in the (ISC)2 report is supported by a separate report issued last week by MetroSITE, a security consulting firm. MetroSITE found that 72 percent of companies surveyed expect to make downward revisions of their security budgets during the remainder of the year.

Security vendor Lieberman Software also posted a survey of IT and security pros that indicates 60.7 percent of respondents work at organizations that have reduced their IT budgets in 2009. Some 40 percent of the respondents have reduced staff since January, the report states.

The new studies would appear to poke holes in the notion that IT security is somehow "recession-proof," as some analysts have suggested. But even in the new data, there appears to be reason for optimism.

In the (ISC)2 study, for example, 55 percent of respondents said they do not expect any further security budget cuts for the remainder of the year. Approximately the same percentage of respondents said they do not expect further staffing cuts in 2009.

A study published last week by CA mirrors the optimism of earlier in the year, reporting that 50 percent of IT professionals expect security spending to remain the same, while 42 percent expect an increase. Only 8 percent expect a cut in their budgets, the study says.

"The cost of compliance and the risks associated with data breaches are keeping most companies from cutting back," said Dave Hansen, corporate senior vice president and general manager of CA's security management business, in an interview at RSA.

And while security may not be recession-proof, it remains better off than most other sectors of IT, experts say. "There has been speculation about whether IT security spending would increase or decrease during this recessionary cycle," said Bob West, CEO of Echelon One, a security industry research firm. "Now we can see with some evidence that security budgets seem to fare better than general IT spending."

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories.
