Despite economic uncertainties sometimes impeding the broader market, increases in the number and complexity of threats faced by information technology is expected to drive IT security budgets higher in the coming year, according to a recent study conducted by 451 Research.

"We found that 45 percent of the respondents are expecting a budget increase for 2013, mostly in the 5 to 10 percent range," said research director Daniel Kennedy. "This is better than what we saw last year. Companies realize they need to respond to the problems that are out there."

Only 8 percent of the individuals anticipated budget reductions.

[Related: The 10 Biggest Security Stories Of 2012]

The study anticipates continued market strength, especially in the areas of mobile device management, endpoint security, network data loss prevention (DLP), application-aware firewalls and mobile device management, which includes not only asset tracking but also security aspects such as authentication and data wiping.

Eight percent of the respondents anticipated expenditures on application-aware firewalls over the next six months, and 14 percent had longer-term plans already on their radar screens. Similarly, 10 percent of the companies anticipated DLP rollouts in the near-term.

"DLP is starting to become ubiquitous," observed Kennedy. "It's becoming the next step in endpoint protection. The requirement for data breach notifications when it does occur is also giving DLP a push. But, mobile device management is probably the most dramatic gainer, with something like 20 percent of the respondents implementing some sort of related project within the next six months. It's the top answer to the bring-your-own-device phenomenon. But issues, such as ease-of-use, still remain."

NEXT: Key Verticals

The study also points to increases in vertical markets where IT security had not previously been all that strong.

"Energy and industrial manufacturing are verticals that are getting very serious about security," said Kennedy. "For years, it was financial services, followed by healthcare. But, now we're seeing areas that haven't always increased their security budgets becoming more willing to invest. So we're seeing a lot more from sectors such as energy, transportation, industrial, etc. We are not exactly sure what is driving that phenomenon. Maybe concerns about SCADA and Stuxnet attacks are raising their awareness."

While the threat landscape continues to evolve towards more sophisticated and numerous threats, Kennedy also said that compliance appears to be the key driver for IT security expenditures.

"We always knew that compliance played a huge role in security," he said. "But I was very surprised to see that 42 percent of the respondents said that compliance was setting the agenda. I don't know that that is entirely positive. Certainly, the security people want to get the dollars any way that they can, but there were also complaints suggesting that compliance driving the agenda might not be the best way to do project prioritization."

Kennedy went on to say that a strong focus on compliance often leads to a checkbox mentality that lacks the layers of analysis necessary to assure truly effective data security.

The survey has been done on an annual basis for the last 15 years, and it includes approximately 250 hours of live interviews with 200 enterprise-level end-user organizations.

PUBLISHED DEC. 7, 2012