Page 2 of 2
The study also points to increases in vertical markets where IT security had not previously been all that strong.
"Energy and industrial manufacturing are verticals that are getting very serious about security," said Kennedy. "For years, it was financial services, followed by healthcare. But, now we're seeing areas that haven't always increased their security budgets becoming more willing to invest. So we're seeing a lot more from sectors such as energy, transportation, industrial, etc. We are not exactly sure what is driving that phenomenon. Maybe concerns about SCADA and Stuxnet attacks are raising their awareness."
While the threat landscape continues to evolve towards more sophisticated and numerous threats, Kennedy also said that compliance appears to be the key driver for IT security expenditures.
"We always knew that compliance played a huge role in security," he said. "But I was very surprised to see that 42 percent of the respondents said that compliance was setting the agenda. I don't know that that is entirely positive. Certainly, the security people want to get the dollars any way that they can, but there were also complaints suggesting that compliance driving the agenda might not be the best way to do project prioritization."
Kennedy went on to say that a strong focus on compliance often leads to a checkbox mentality that lacks the layers of analysis necessary to assure truly effective data security.
The survey has been done on an annual basis for the last 15 years, and it includes approximately 250 hours of live interviews with 200 enterprise-level end-user organizations.