Security budgets on the up

IT chiefs in financial services companies are spending an average of six percent of their budgets on security, according to a recent report.

Financial services firms are now investing more to achieve good digital security, according to the results of the 2003 Global Security Survey from professional services organisation Deloitte Touche Tohmatsu. On average they are spending six percent of the IT budget on security, while 47 percent had hired extra security staff compared with last year. Only 19 percent of respondents said their firms had reduced the number of IT security staff, despite the slowdown in the economy.

The six percent figure is a positive sign, according to Glyn Geoghegan of security consultancy Corsaire. "In the past a figure of five percent has been stated as appropriate, so it's good to see that the finance industry is above that - although only a little," he said.

But simply hiring more security staff does not necessarily result in good security. "In our experience, the effectiveness of a security team is related more to their role, experience and the systems supporting them, than head count," said Geoghegan.

Graeme Cox, managing director at security services provider DNS, said that financial services firms tend to invest more in security, making companies in other sectors likely to be more vulnerable. "Financial services tend to lead the way in the sophistication of their approach to IT security - they have to, with the renewed focus on corporate governance and risk management," he said. "Other sectors are spending a relatively low figure by percentage of overall IT spend on security." He added that in some organisations, 15,000 users might be managed by only one or two dedicated security professionals.

Few respondents to the survey viewed their security spending as impressive. Forty-four percent felt that their organisation's investment was moderate compared with other firms, and 24 percent said their spending was conservative. Ten percent were concerned that their spending on security was inadequate.

Antivirus tools, virtual private networks (VPNs) and intrusion detection systems were the most widely used security technologies - in place at over 85 percent of organisations. However, emerging technologies also proved popular, with smartcards and biometric security deployed at 43 percent and 19 percent respectively.

Have your say: reply to IT Week