The IT Security Bubble Has Popped

By Sonny Discini | May 11, 2010 | Print this Page

The blank check IT security enjoyed has been pulled off the table as businesses reassess how much they spend to stay safe. Need some data on the mood? McAfee reports nearly three-quarters of SMBs have cut security spending, even though 71 percent believe a serious attack would put them out of business.

Many people discuss bubbles, such as the dot-com bubble and the real-estate bubble. Well, there is another bubble that should be discussed -– the IT security budget bubble. Why? Because it has popped.

In the early to midpart of the past decade, we were seeing budget increases each fiscal year to the tune of 30 percent or more in IT security spending. This went on for years because senior leadership felt it was the right thing to do and the economy appeared to be roaring. Like all things where money is involved, eventually someone begins asking the right questions. Mix that with the worldwide economic fallout and the questions come even quicker and with great clarity.

In simple terms, enterprises can no longer afford IT security spending as we've come to know it. This is evident already in the drastic cuts seen in personnel, contractors, hardware contracts and new project budgets. CIOs are now spending money as if it was their own. When asked about this new perspective on IT security spending, one business manager said, "If I'm a shoemaker, how can I afford the outrageous costs of IT security and still make shoes at a profit?"

Read "The Unsustainable IT Data Center Security Budget" at Enterprise IT Planet