Research Predicts Security Spending Slowdown

Even as high-profile data leaks grab headlines and compliance auditors begin making their rounds, many chief information security officers are preparing to trim their budgets.

According to a new survey of North American CISOs released by New York-based investment bankers Merrill Lynch & Co., enterprises are hoping to throttle down their spending on new IT security technologies over the second half of 2006.

On average, the IT security executives interviewed by Merrill Lynch said they only plan to increase spending by 2.9 percent over the next 12-18 months, whereas CISOs had indicated plans to increase spending by 11.4 percent when the survey was last conducted in March 2006.

The number of survey respondents who said they spent less than 5 percent of their budgets on security products over the last quarter increased from 40 percent at the end of first quarter 2006 to 56 percent at the close of May.

The number of CISOs who spent 6 percent or more of their budgets on security decreased from 60 percent to 44 percent at the end of the first quarter 2006. Product release cycles could have weighed significantly on those results, the Merrill Lynch report conceded.

Among the trends driving the reduced spending on IT security is the growing inclusion of defensive features built into technologies such as network equipment and Microsoft’s next-generation Windows Vista operating system.

However, while 7 percent of those surveyed for the report said they hope to eliminate the need for stand-alone security products altogether by using on such tools, only 16 percent said they actually plan to buy fewer products, with 22 percent holding out for price concessions from vendors before making additional purchases.

As a result, existing vendors have little reason to fear being replaced by security features on other products anytime soon, Merrill Lynch said. The report indicates that many companies are not yet ready to trust vendors such as Microsoft to protect their own products, contrary to some industry watchers’ assertions.

Click here to read more about mixed reactions to Microsoft’s new built-in Windows security measures.

“We believe [the findings] mitigate long-standing concerns that security vendors will ultimately go away or be absorbed by larger infrastructure vendors,” wrote Ed Maguire, the Merrill Lynch analyst who authored the report. “[The] key will be for vendors to anticipate new security needs with extended or newer offerings.”

However, the report said some types of security applications, such as anti-virus software, firewalls and VPNs, will become increasingly commoditized, putting pressure on stand-alone vendors of the technologies as demand decreases.

Read the full story on eWEEK.com: Research Predicts Security Spending Slowdown