Dark Reading

Security might still be a haven from the budget ax, but some cracks are definitely appearing around the door, according to several studies published last week at the RSA Conference in San Francisco.

More than 70 percent of IT security professionals said they have been forced to cut their budgets during the past six months to adjust for the economic downturn, according to a report released by (ISC)2, an association of security professionals. Approximately half of the respondents said they have made at least one layoff in the security department.

The data runs counter to several other studies published earlier this year, in which most security professionals had said their spending would hold steady or increase in 2009. "The current economic conditions have had an effect on all professions, including information security," said Lee Kushner, president of LJ Kushner & Associates, a national IT recruiting firm.

The data in the (ISC)2 report is supported by a separate report issued last week by MetroSITE, a security consulting firm. MetroSITE found that 72 percent of companies surveyed expect to make downward revisions of their security budgets during the remainder of the year.

Security vendor Lieberman Software also posted a survey of IT and security pros that indicates 60.7 percent of respondents work at organizations that have reduced their IT budgets in 2009. Some 40 percent of the respondents have reduced staff since January, the report states.

The new studies would appear to poke holes in the notion that IT security is somehow "recession-proof," as some analysts have suggested. But even in the new data, there appears to be reason for optimism.

In the (ISC)2 study, for example, 55 percent of respondents said they do not expect any further security budget cuts for the remainder of the year. Approximately the same percentage of respondents said they do not expect further staffing cuts in 2009.

A study published last week by CA mirrors the optimism of earlier in the year, reporting that 50 percent of IT professionals expect security spending to remain the same, while 42 percent expect an increase. Only 8 percent expect a cut in their budgets, the study says.

"The cost of compliance and the risks associated with data breaches are keeping most companies from cutting back," said Dave Hansen, corporate senior vice president and general manager of CA's security management business, in an interview at RSA.

And while security may not be recession-proof, it remains better off than most other sectors of IT, experts say. "There has been speculation about whether IT security spending would increase or decrease during this recessionary cycle," said Bob West, CEO of Echelon One, a security industry research firm. "Now we can see with some evidence that security budgets seem to fare better than general IT spending."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.