Meta: spend 3-8% of IT budget on security

VNUNet: Security swallows a twelfth of IT budgets

IT directors have been advised to spend three to eight per cent of their IT budgets on ongoing security costs.

The figures are best practice guidelines given by analyst Meta at its 14th annual forum in Barcelona earlier this week.

Meta explained that the figure does not include special events, nor projects such as public key infrastructure implementations.

The analyst added that security budgets will increase by 10 per this year, as they had done in 2001 and 2002.

Financial services firms should spend eight per cent of their IT budget on security to cover ongoing costs. Energy companies should allocate 6.5 per cent, e-commerce companies six per cent, retailers five per cent and manufacturing companies three per cent.

These figures do not cover business continuity and disaster recovery, which should take up another 2.5 to four per cent, according to Tom Scholtz, vice president of security and risk strategies at Meta.

Meta’s nine components for a security programme:

  • A governance structure that ties security to the business.
  • A vision, reduced to quarterly deliverables, that drives toward an appropriately secured environment; an architecture that is adaptable.
  • An organisational approach that supports accountability and the correct separation of duties.
  • A plan to generate continuous cultural change.
  • A maturity programme for security-related processes.
  • An approach to supporting local management discretion in determining the appropriate level of security.
  • The execution of processes that determine just how secure the environment is – right now!
  • The execution of projects that make the environment more secure.
  • The execution of processes which ensure that security is servicing the current needs of all aspects of the business.

Leave a Reply