Companies Spend More, Plan Less in Response to Rising Security Breaches
June 11, 1998
BOSTON--(BUSINESS WIRE) via NewsEdge Corporation --
Study in Information Security magazine paints [PARA]portrait of industry's "happy days and happy daze" [PARA]Overall spending on information security will increase dramatically in 1999, with one-quarter of all organizations budgeting more than $500,000 for infosecurity needs, according to an extensive study published today in Information Security magazine (www.infosecuritymag.com).
From 1998 to 1999, the number of companies spending more than a half-million dollars on infosecurity products and services will increase by 73 percent, the study found.
Published in the June 1998 issue of Information Security, the official publication of
ICSA (International Computer Security Association), the survey explores a wide range of information security issues, including business preparedness, security breaches, purchasing trends, salary statistics and gender gaps among information security professionals.
According to the survey, the increase in infosecurity spending appears to be in response to a dramatic increase in security breaches, particularly from insiders.
Of the 1,063 infosecurity professionals polled for the study, 54 percent said their companies experienced an employee access abuse in the last year, a 35 percent increase over 1997's figures. Nearly one in five suffered a leak of proprietary information, up 58 percent.
"It seems infosec is in the midst of both happy days and a happy daze, " said Andrew
Briney, the editor of Information Security and lead author of the study. "Spending and confidence are up--96 percent of survey respondents expect information security to improve over the next two years. But the survey also revealed an alarming increase in security breaches in nearly every category. At the same time, the number of companies with business-recovery plans has decreased."
Unlike other infosecurity surveys, the Information Security study polled the front-line professionals who deal with security issues and technologies on a day-to-day basis. The study produced compelling statistics covering a wide range of business and
economic concerns:
-- Preparedness. 78 percent of organizations have a security policy in place, an 11 percent increase over 1997. However, the number of companies with a business-recovery plan dropped by 13 percent, from 70 percent of the total sample in 1997 to 61 percent today.
-- Obstacles to Security. Despite increasing budgets, the number one obstacle to security is a lack of adequate funding, mentioned by 58 percent of respondents. The second biggest obstacle is a lack of end-user awareness, cited by half of all respondents.
-- Purchasing Trends. Encryption-related products will be hot-ticket items in 1999--32 percent of respondents said they plan to purchase them. Also popular will be training/education products and services (28 percent), virtual private networks (VPNs) (27 percent), and Internet/intranet/Web security products (27 percent). When making buying decisions, the most important factor is security (4.4 on a scale of 1 to 5), followed by performance (4.1) and features (3.9). The least important factor of those listed is cost (3.3).
-- Salaries and the New "Infosec Economy." The survey uncovered widespread geographic and demographic disparities in the salaries paid to infosecurity professionals. Nearly 4 out of 10 infosecurity professionals in the Northeast U.S. make more than $75,000 a year, compared to only 22 percent in the Midwest. Infosec workers in computer and data-processing are best off--almost half make more than $75,000--while military and government workers remain among the lowest paid. The nouveau riche of infosecurity are workers in the finance and insurance industries. In 1996, only 14 percent made more than $70,000. Today, more than a third make more than $75,000.
Nearly three-quarters of survey respondents make more than $50,000 a year, and the percentage of those making more than $100,000 nearly tripled since 1996. However, the salaries of newcomers to the industry--those with a year or less of experience--decreased dramatically. In 1996, only 8 percent of newcomers made less than $30,000, compared to 23 percent today.
The downward mobility of newcomers suggests that information security is less and less a "hybrid industry"--that is, one staffed by " free-agent" transfers from related IT departments. Instead, it seems more and more of the economy's new workers--those with little or no professional experience whatsoever--are pursuing information security as a first career choice.
-- Gender Matters. The survey uncovered a widening gender gap among infosecurity professionals. Today, only 12 percent of infosecurity workers are women, down from 20 percent in 1996. The salary gap has narrowed somewhat over the last two years--the ratio of men to women making between $70,000 and $100,000 decreased from 4 to 1 in 1996 to 2 to 1 today. However, in most wage categories women make less today than men did two years ago. For example, the portion of women currently making less than $50,000 (43 percent) is higher than the portion of men in that category (33 percent) in 1996.
For complete survey results, visit Information Security's Web site: www.infosecuritymag.com.
Based in Norwood, Mass., Information Security is a monthly trade magazine distributed to approximately 40,000 computer and information security professionals. The
magazine is published by ICSA Inc. Based in Carlisle, Pa., ICSA provides security assurance services worldwide. For more information, visit ICSA's Web site at www.icsa.net. |
