How Much Should You Spend On Security? Gartner Offers Some Answers

Security drops to No. 9 on the list of IT priorities, research firm says

Dark Reading Staff, Dark Reading

June 24, 2010

2 Min Read

NATIONAL HARBOR, MD. -- Gartner Security Summit 2010 -- Security is not as big a priority for enterprises as it was in 2008, but it's still grabbing a healthy chunk of the IT budget, a major research firm said Tuesday.

Speaking at the annual Gartner Security Summit here, senior analyst Vic Wheatman said that although security has dropped to ninth place on CIOs' lists of top priorities, spending is still strong.

After placing eighth on the 2009 priority list and fifth in 2008, security is continuing to drop on the hit parade, Wheatman said. But security still accounts for an average of 5 percent of total IT spending, he says.

Interestingly, the IT industry spends the most on security -- 11.3 percent of their total IT budget, Wheatman said. Banking and finance companies spend about 8.3 percent of their IT budgets on security; educational institutions spend less than 4 percent.

The average business spends about $525 per employee annually on security, Wheatman continued. The insurance industry spends the most: about $886 per employee. The transportation industry spends only about $155 per employee on security.

Security spending overall is expected to increase by 5.1 percent this year, Wheatman said.

How much should you spend on security? On average, companies spend about 3.4 percent of their revenues on IT, Wheatman says. The average security spend is about 0.12 to 0.3 percent of company revenue.

This figure compares favorably to what companies generally spend on casualty insurance, which is in the range of 0.138 to 0.232 percent of revenue, Wheatman said.

"It's a good analogy to make," Wheatman commented. "In general, there's no ROI on security -- it's a cost. But, like insurance, it's a cost that offsets what could be a much greater risk."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights