Cost-Cutting Hits IT Budgets

CU360
September 3, 2009 | COMMENTS

The economic downturn has produced a range of new or heightened security threats, while at the same time causing many firms to pare back on IT budgets.

Even though security practitioners are most concerned about e-mail phishing and securing mobile devices, a recent study by RSA Conference indicates that technologies addressing these needs are at risk of being cut from IT budgets. Nearly three-quarters of respondents indicated a rise in email-borne malware and phishing attempts since the third quarter of 2008, with 57% saying they've seen an increase in Web-borne malware. Concerns about disgruntled employees as a result of layoffs were cited by 26% of survey respondents.

When asked about the top security and organizational challenges they expect to face in the next 12 months, 57% of respondents cited budgetary constraints, 44% cited employee education, and 40% said lost or stolen devices would be a challenge.

Information security spending is not immune to budget cuts during the recession, but it might fare better than other IT spending. While 72% of CEOs and vice presidents surveyed earlier this year anticipate security budget cuts, “the security budgets are being cut a little bit less than general IT spending,” said Dov Yoran, co-founder of information security marketing services firm MetroSITE.

Yoran said security projects likely to remain funded this year include those having to do with compliance, protection of mobile devices, and identity/access management. At risk of budget cuts are new hardware or software, projects with a long-term ROI, and vulnerability assessment tools.

While the economic downturn has resulted in shrinking IT budgets across industries, a similar survey from Deloitte Touche Tohmatsu indicates that cuts to security spending vary by industry. Media, telecommunications, and technology firms all reported cutting their security budgets in 2008. At financial services firms, however, IT spending has been reduced but security spending has not gone down, according to Irfan Saif, a principal with Deloitte's security and privacy services division. A lot of it has to do with the regulatory landscape, according to Saif.

Among industries where compliance is a bigger driver for security spending, budgets were affected less by the economic downturn. Financial firms, including credit unions, are bracing for potential increases in regulatory oversight and a growing compliance burden.

The recent RSA survey also asked what technology investments will likely be bypassed or curtailed due to spending freezes and budget cuts. Even though 72% of respondents have seen a rise in email-borne malware and phishing, 8% still plan on cutting money that would go to addressing those risks. And 40% of respondents admitted that securing lost or stolen devices, such as iPhones or Blackberries, is a top concern in the coming year, but 15% of those surveyed will be reducing spending in this area.

One upside to the recession is that security vendors are more willing to offer discounts to customers. The MetroSITE survey showed 64% of customers planning to seek discounts.

For additional coverage of credit union IT budgets and spending priorities for the coming year, see the September 2009 issue of Credit Union Magazine.