
Security Suffers Cuts In Recession, But Fares Better Than The Rest Of IT

Layoffs, cutbacks aren't as painful in security, but they are happening, studies say

Security might still be a haven from the budget ax, but some cracks are definitely appearing around the door, according to several studies published last week at the RSA Conference in San Francisco.

More than 70 percent of IT security professionals said they have been forced to cut their budgets during the past six months to adjust for the economic downturn, according to a report released by (ISC)2, an association of security professionals. Approximately half of the respondents said they have made at least one layoff in the security department.

The data runs counter to several other studies published earlier this year, in which most security professionals had said their spending would hold steady or increase in 2009. "The current economic conditions have had an effect on all professions, including information security," said Lee Kushner, president of LJ Kushner & Associates, a national IT recruiting firm.

The data in the (ISC)2 report is supported by a separate report issued last week by MetroSITE, a security consulting firm. MetroSITE found that 72 percent of companies surveyed expect to make downward revisions of their security budgets during the remainder of the year.

Security vendor Lieberman Software also posted a survey of IT and security pros that indicates 60.7 percent of respondents work at organizations that have reduced their IT budgets in 2009. Some 40 percent of the respondents have reduced staff since January, the report states.

The new studies would appear to poke holes in the notion that IT security is somehow "recession-proof," as some analysts have suggested. But even in the new data, there appears to be reason for optimism.

In the (ISC)2 study, for example, 55 percent of respondents said they do not expect any further security budget cuts for the remainder of the year. Approximately the same percentage of respondents said they do not expect further staffing cuts in 2009.

A study published last week by CA mirrors the optimism of earlier in the year, reporting that 50 percent of IT professionals expect security spending to remain the same, while 42 percent expect an increase. Only 8 percent expect a cut in their budgets, the study says.

"The cost of compliance and the risks associated with data breaches are keeping most companies from cutting back," said Dave Hansen, corporate senior vice president and general manager of CA's security management business, in an interview at RSA.

And while security may not be recession-proof, it remains better off than most other sectors of IT, experts say. "There has been speculation about whether IT security spending would increase or decrease during this recessionary cycle," said Bob West, CEO of Echelon One, a security industry research firm. "Now we can see with some evidence that security budgets seem to fare better than general IT spending."

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories.
