Posted by: kenwbudd | March 2, 2009

Reduced Security

An urgent demand for talent in several areas is eclipsing broad, knee-jerk reactions to greatly reduce budgets and cut staffing levels, projects and fixed asset purchases, without thinking carefully about the consequences and future requirements.

Undeniably employers made mistakes in past downturns, huge miscalculations founded in the white hot heat of cost-cutting that wounded them badly later on. It limited their ability to respond quickly and when the smoke cleared and the rebuilding started, they were left floundering.

It just shows how little IT management has learned since last time. Managers have not learned the lesson that it’s not just about cutting spending, it’s about managing the risks and being smart within their spending limitations. Know your boundaries and work within them.

One of the worst instancies if this in the IT security field. Current economic conditions are having a negative impact on the majority of security budgets. Many companies have initiated a hiring freeze or staff reduction exercise, necessary measures due to the financial crisis.

Security-decision makers in over 100 companies have been asked about their spending plans for the coming year and to gauge the impact current economic conditions are having on budgets. Of 159 respondents, 64 percent indicted that the economy was having a negative impact on security spending. Another 19 percent said the economy currently had no impact. Just 6 percent said the crisis was having a positive impact on their organization’s security budget.

Security budgets will decrease for 35 percent of respondents and remain the same for 42 percent. Just 23 percent thought spending would increase in the coming year. Those numbers are a switch from last year, when more companies expected to increase security spending. In 2008, 38 percent of companies planned to increase their security budget and just 24 percent expected to see a decrease in spending.

One firm is actually in the minority and plans to spend more on security in the coming 12 months. “We are increasing from previous years. I would have to say the increase is around regulatory issues as well as general responsible security program expansion.”

Security spending is often driven by compliance and policy decisions. This falls in line with what other companies also said, with a majority indicating that policy and compliance are the main justifications for security spending.

Security decision-makers were asked if they planned to increase or decrease spending in the following areas: Business Continuity/disaster recovery, data loss prevention, identity management, compliance and regulations, outsourced security systems, physical security, policy and risk management, and staff.

In all but one category, more than half of respondents expected spending to remain at similar levels.

However, when it comes to spending on staff, 41 percent expect to see a decrease in spending. Close to 60 percent have either implemented, or plan to implement, a hiring freeze.

Additionally, 35 percent of companies asked, indicated they have had to go beyond a hiring freeze and have actually reduced security staff, or plan to reduce headcount in the next 6 months. It will be interesting how this affects security in the coming months and whether we will see more outsourcing of protective measures. A dangerous path to walk and one that can only increase the threat to organisations.

Let’s hope we soon see an end to these ‘interesting times’
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: