Information Security Budgets Will Increase in 2012

As part of our annual IT Spending Intentions survey, ESG asks IT professionals about overall spending trends for the coming year. Our 2012 IT Spending Intentions survey is set to be published soon, and I got a peek at the data recently. Like other analyst firms, ESG found that IT budgets will increase in 2012, albeit at a modest rate.

When it comes to information security budgets, however, growth should be more robust. More than half (61%) of midmarket (i.e., fewer than 1,000 employees) and enterprise (i.e., more than 1,000 employees) organizations will increase security spending in 2012, and of these, 18% will bolster security spending by 8% or more. These results are similar to the data collected in the ESG Research about Advanced Persistent Threats.

ESG also discovered that information security initiatives were identified by respondents as one of the top 5 IT priorities for 2012.

Where will this money be spent?

  1. Headcount. ESG found that 35% of organizations plan to hire additional security staff - if they can find skilled professionals available (see my last blog).
  2. Network security. Just over half (52%) of organizations will make additional investments in network security technologies (i.e., firewalls, IDS/IPS, gateway devices, etc.). Why? Because they need additional scale, integration, and security services at the network level. Good news for Cisco, Check Point, Juniper, McAfee, Palo Alto Networks, and Sourcefire. Other high priorities identified were mobile security, endpoint security, and SIEM.
  3. Advanced malware protection. With the rise of APTs, hacktivism, and other types of sophisticated attacks, organizations have no choice but to adopt a "belts and suspenders" model for anti-malware. This will benefit startups like Countertack, Damballa, and FireEye, as well as established leaders like RSA, Sourcefire, and Trend Micro.
  4. Security services. Given the threat landscape, shortage of skilled security professionals, and increasingly complex IT environment, many organizations will decide to punt and outsource security tasks to professional services and SaaS providers. It's likely that HP, IBM, Unisys, and Symantec will gain share here.

You can read Jon's other blog entries at Insecure About Security.
