20% of IT budget spend on security

The Computing Technology Industry Association (CompTIA) surveyed 1,070 organizations and found that on average, they spent one-fifth of their technology budgets on security-related spending in 2006. That's up from the 15% percent of IT budgets spent on security in 2005, and the 12% spent in 2004.

The survey results also revealed that for each dollar spent on security, about 42 cents goes toward technology product purchases. In general, 17 cents goes toward security-related processes; 15 cents covers training; 12 cents for assessments; and 9 cents pays for certification. The balance goes to other items.

TNS, a global market insight and information group, conducted the study for CompTIA, in an attempt to identify current IT security practices and highlight security challenges confronting organizations of varying sizes, in various industries.

Organizations expect to increase spending across all areas related to security in the next 12 months, CompTIA said. Almost half of the respondents said they plan to increase spending on security-related technologies. One-third of those surveyed said they expect to increase spending on security training. Those who expect to increase spending would do so by an average increase to 23%.

According to CompTIA, antivirus software, firewalls, and proxy servers hold the top slots for security enforcement technologies, and nearly all organizations use them. Over the past two years, organizations have increasingly relied on a layered approach, or combinations of firewalls, proxy servers, intrusion detection systems, physical access control, and multi-factor authentication, among other methods.