Survey: Security gets bigger slice of IT budgets

The Sept. 11 attacks on the United States and continued fears of cyberterrorism are pushing many companies to include more money for security technologies in their 2002 IT budgets, according to the results of a survey conducted last month by Computerworld and J.P. Morgan Securities Inc.

Of the 174 IT managers polled online during the last two weeks of October, 53 per cent said they expect to devote a higher proportion of their total IT budgets to security next year than they did this year. Only five per cent said they expect their security spending to decline.

Companies with annual revenues of more than US$500 million are expected to spend the most on security next year, according to the survey. Respondents in that category said security-related investments would account for 11.2 per cent of their total IT budgets on average, compared with an average of 10.3 per cent for all the users who responded.

Both figures are well above the 7.4 per cent of their budgets on average that the surveyed companies set aside for security spending in this year’s IT budgets. Secure Sockets Layer products, anti-virus and intrusion-detection software, virtual private networks and firewalls top the list of new technologies respondents said they plan to deploy next year.

What’s particularly notable is that companies are beefing up security spending even though their total IT budgets are decreasing or remaining flat. More than half (59 per cent) of the survey participants said they expect their overall IT spending to decline next year or be similar to this year’s levels.

However, since the terrorist attacks, many IT managers have noted that it’s far easier to get money budgeted for security than in years past.

“Right now, I don’t have to justify any expenditure effort on IT security,” said Ralph Menzano, CIO at the Southeastern Pennsylvania Transportation Authority in Philadelphia, during a recent roundtable discussion about return on investment in IT. Among other measures, he said, the transportation agency is considering implementing a biometric security system to verify employee identities.

Curtis Robb, chief technology officer at Atlanta-based Delta Technology Inc., said the IT arm of Atlanta-based Delta Air Lines Inc. is also expanding its focus on security initiatives as a result of the terrorist attacks. “One of the things we’re doing is updating the infrastructure in 75 of our largest airports to include the latest network security gear,” Robb said.

He added that biometrics could also play a major role, both for verifying the identity of employees and “as a way of getting [passengers] we know through the lines faster.”

Despite the interest that users such as Menzano and Robb have in biometrics, only four per cent of the survey’s respondents said they plan to deploy such systems next year. Also absent from the top spots on the list of security technologies participants are eyeing were user authentication tools such as smart cards and public-key infrastructure products.

Analysts at New York-based J.P. Morgan said one reason might be that authentication systems typically start at more than US$100,000. Those prices may be too steep in today’s economic climate, they noted.