TechnologyAccounting SoftwareSecurity spending still not a priority

Security spending still not a priority

Despite investing vast amounts of money to protect their networks from hacking and viruses, companies are still not tracking the return on their IT security spending, according to a new report from analyst IDC.

Link: IT Decisions – Security

Only 13% of the 100 chief information officers, chief technology officers and IT directors surveyed tracked the costs and returns on their security purchases, despite nine out of ten of the executies rating it in their top five priorites – and a shade under 40% as their top IT priority.

But while security is considered important, only 15% of firms regard it as a business investment in risk management.

‘There’s still a problem with attitude,’ said Gordon Morris, analyst at IDC.

‘Security is a bit of a head-in-the-sand issue. Most board members don’t come from an IT background and aren’t used to operating in this way. They see IT security as a business cost, or as one person said a necessary evil.’

IDC added that attitudes are changing at board level as IT managers learn to demonstrate the prudence of risk management tools – although many still find building a realistic picture of IT security return on investment problematical.

Rather than comparing the cost of hardware and software with the cost of a breach in security, companies should look at the larger business benefits involved, IDC said.

‘Risk management assessments are becoming an an increasingly important way of measuring a company’s success due to the growing focus on coporate governance and management accountability,’ said Morris.

‘It is true that ROI of security investment may never be known,’ the report concludes.

‘By working with risk management, though, some form of value can be understood and communicated. By measuring the effectiveness and value of IT security investment, a platform for providing a meaningful IT security platform can be achieved.’

Companies looking to manage their risk are increasingly passing the problem onto third parties, either by outsourcing or moving into partnership with specific security vendors, the report said.

IDC also warned vendors that while risk management was now the key factor in most purchase decisions, scare stories about viruses and other malware was least effective tool in persuading companies to set a firm security policy.

Related Articles

5 key tech innovations helping accountants transform their businesses

Accounting Software 5 key tech innovations helping accountants transform their businesses

3w Heather Darnell, Founder of Ask the BOSS
Finance and the tech foundation: what’s needed to deliver impactful business insights?

Accounting Software Finance and the tech foundation: what’s needed to deliver impactful business insights?

3m Workday | Sponsored
Best accounting software for businesses in the UK

Accounting Software Best accounting software for businesses in the UK

3m Accountancy Age, Reporters
Making sense of enterprise tech concepts for finance teams

Accounting Software Making sense of enterprise tech concepts for finance teams

4m Workday | Sponsored
Open Banking: what you need to know

Accounting Software Open Banking: what you need to know

4m Edward Berks, Xero
Accountancy in the digital age: Flexibility, agility, efficiency

Accounting Software Accountancy in the digital age: Flexibility, agility, efficiency

6m Pegasus Software | Sponsored
Sage purchases Intacct in its largest ever acquisition

Accounting Software Sage purchases Intacct in its largest ever acquisition

10m Alia Shoaib, Reporter
5 tips for SMEs to protect cash flow

Accounting Software 5 tips for SMEs to protect cash flow

10m Alia Shoaib, Reporter