More than half (55 per cent) of IT security directors plan to increase their budgets in the coming year, according to analyst Forrester Research.
The additional spending is attributed to security's broader scope and move towards information risk management rather than just technology, says the analyst.
'Security is moving away from a reactive discipline to various technological threats to a more rational process of being able to proactively manage risk,' said Bill Nagel, author of Forrester's security survey.
'The information security officer is no longer a geek, he is becoming more integrated into the business side of things,' he said.
The report points to the regulatory environment as the trigger for this shift, as security directors weigh up the risks of compliance and explain them to the board.
'The security director not only has to adapt to being more business focused but he has to jump up and down and point out that security has to be baked into IT systems and business processes,' said Nagel.
He says the best way for security directors to do this is to highlight the damage to reputation that a security lapse could cause.
But Paul Simmonds, information security director at ICI, says security directors have always had to provide a business case for projects.
'I don't think regulation has changed the role,' he said. 'Sarbannes-Oxley was a business requirement therefore security had to support it. I have never had a problem getting a project funded if I can produce a compelling case for return on investment. That's always been the case.'