Saturday, July 5, 2008

IT Security Spending: Is it enough?

On average, an enterprise organization spends anywhere from 3% to 6% of its IT budget on security infrastructure. This budget amount is divided between operating expenses (nearly 70% of an IT budget, which just keeps the wheels on) and capital expenditures intended to improve things and meet new user requirements (making up the other 30%). Is it enough?

I would say that it depends upon the organization and the value of the information assets the enterprise is looking to protect. A good example is a financial services firm. This organization is entrusted with information that could literally change the course of the lives of millions of people should it fall victim to a security breach. In this instance, I would hope that such an organization was devoting more than, say, 5% to keep my money safe. Speaking of which, I got a phone call recently from a rather large financial services organization indicating that an account I have with them was subject to an attempted fraudulent act. All was well and I was pleased with the proactive nature of the call. I make it a point to thank the caller every time, even though I realize they may be trying to save their company pain and financial loss more than they are trying to save me.

Just another example of how it all depends upon the value of the asset and the organization's tolerance for risk.
