Security Executive Council Sees Tighter Budgets Speeding Prioritization, Cooperation

The 2009 corporate security budget picture shows substantial variance in both spending increases and cuts, even within specific sectors, according to a report released this week from the Security Executive Council (SEC). The report was one of several studies on corporate security spending to surface this week.

SEC's 2009 Security Budget Research Report, which surveyed 259 security practitioners in U.S. companies and organizations, found that 52 percent reduced security budgets for the current fiscal year. Of the balance, 25 percent increased their budgets, while the remaining 23 percent said there was no change. The executive summary of the report is available here. The full report is available exclusively to SEC members.

In addition to year-to-year budget totals, the report also looks at average decreases or increases. Overall, of the 53 percent of respondents who said their companies were decreasing their annual security budget, the average budget decrease was 17 percent.
Of the 23 percent of respondents who said their companies were increasing security budgets, the average increase was 18 percent.

The report also found the budget situation mixed within specific sectors, said Kathleen Kotwica, executive vice president and chief knowledge strategist with SEC. Much has to do with the relative size of the company. Generally, Fortune 500 companies are not feeling the squeeze as much as smaller companies. Even troubled sectors, such as financial, because of their compliance requirements, have not taken as steep a downturn as some had projected.

In the financial sector, the average budget decrease was 19 percent, Kotwica said. In health care the average decrease was 13 percent. Consumer services was 18.5 percent. Business services was 20 percent. The technology sector had the highest average decrease at 25 percent.

But Kotwica said some of these decreases should be measured against the sizable year-to-year increases security budgets have had prior to the recession. "Some got a little fat and needed to constrict to a degree." Nonetheless, she said some companies were making deep cuts that ultimately "could be very detrimental."

The budget cuts have prompted security professionals to focus on prioritizing security requirements within their organizations from the top down. Some of this, she added, will have implications related to security convergence. Although she did not wish to address technology, Kotwica said that from an organizational perspective, tighter budgets are forcing physical security, IT security, human resources, compliance and legal departments to work together. The more successful companies have been doing so for some time already, she added.

The current report will serve as a springboard for a much larger SEC research project, Kotwica said. The organization, consisting of senior security and risk executives from corporations and government agencies in charge of corporate and/or IT security programs, is seeking to determine a baseline "nugget" that will help organizations determine their cost of security. "We get a lot of questions about how to show the cost of security," said Kotwica. "The answer is always, 'it depends.'"

An accurate picture of cost and return on investment is elusive because of the many variables that have an impact on the organization. These variables relate to whether the company is global or not, whether it's regulated or not, the products it makes, the risks that need to be mitigated and the corporate risk appetite, Kotwica said.

SEC's aim is to develop a baseline measurement into which individual corporate variables can be plugged. This modular approach could yield a better answer to the cost question, she said. The project, which Kotwica expects to take most of this year, is just getting underway. Kotwica is assembling a team of security experts drawn from SEC rolls.
