Speaking at the annual Gartner Security Summit here, senior analyst Vic Wheatman said that although security has dropped to ninth place on CIOs' lists of top priorities, spending is still strong.
After placing eighth on the 2009 priority list and fifth in 2008, security is continuing to drop on the hit parade, Wheatman said. But security still accounts for an average of 5 percent of total IT spending, he says.
Interestingly, the IT industry spends the most on security -- 11.3 percent of their total IT budget, Wheatman said. Banking and finance companies spend about 8.3 percent of their IT budgets on security; educational institutions spend less than 4 percent.
The average business spends about $525 per employee annually on security, Wheatman continued. The insurance industry spends the most: about $886 per employee. The transportation industry spends only about $155 per employee on security.
Security spending overall is expected to increase by 5.1 percent this year, Wheatman said.
How much should you spend on security? On average, companies spend about 3.4 percent of their revenues on IT, Wheatman says. The average security spend is about 0.12 to 0.3 percent of company revenue.
This figure compares favorably to what companies generally spend on casualty insurance, which is in the range of 0.138 to 0.232 percent of revenue, Wheatman said.
"It's a good analogy to make," Wheatman commented. "In general, there's no ROI on security -- it's a cost. But, like insurance, it's a cost that offsets what could be a much greater risk."
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.