Cambridge, Mass. – Given these times of economic uncertainty, new survey results show just how important IT security is to professionals. Spending on IT security will continue to grow next year, according to new data unveiled by Forrester Research Inc., Cambridge, Mass., on the first day of its Security Forum.

The Forrester Business Data Services survey, which polled more than 1,200 North American enterprise and SMB security decision-makers, found that 21% of respondents expect to increase their IT security budgets in 2009, while nearly three-quarters of those surveyed expect no cutbacks in their security spending. Only 6% of respondents anticipate having to cut their security budget next year despite the current economic uncertainty.

Forrester Research Principal Analyst Khalid Kark noted in his keynote address at the forum, that Security & Risk professionals are now in a renaissance period, and security's influence is growing within organizations. He also revealed the following data from the study:

• Security makes up 10% of overall IT operating budgets in 2008, up from 8% last year

• Nearly 50% of respondents report to a board/CEO or an executive committee. Security is no longer embedded within IT

• Data protection is critical. More than half of respondents said that protecting corporate IP and customer data was their top priority for the next 12 months

• Companies are realizing the significance of having business continuity and disaster recovery plans in place. Forty-two percent of respondents said it was very important, up from 33% from last year

"This is an exciting time to be in security," Kark says. "We are in a period of immense change in which we have the opportunity to define the future of our profession. Security  and risk professionals are faced with a rapidly changing technology landscape and business environment. To achieve success in the role today, they need to be open to new ideas and embrace change."

One way to embrace change is to build strong relationships with business leaders. But even with the proper relationships and team in place, information security requires investment in technology, INN reports September 2008’s cover story.

With insurance data highly distributed among networks and locales, carriers need to pair infrastructure-level protections with adaptive application-layer firewalls. Until recently, the only option was to cobble together point solutions from different vendors.

Fortunately, newer, sophisticated toolsets are giving carriers the technical ability to meet threat models in a centralized manner that wasn't possible even a few years ago. Among these new tools are data loss prevention (DLP) products, which sit at the gateway of the network and quarantine or encrypt data as it passes through. DLP products can monitor what is sent out via e-mail, instant message and FTP. They also can break open e-mail and use rules to determine the content and whether it can be sent out as clear text or whether it has to be encrypted.

Sources: Forrester Research Inc. and INN archives

Exclusive content only available on

Register or login for access to this item and much more

All Digital Insurance content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access