HONG KONG, 5 SEPTEMBER 2008 – IT security professionals in Asia-Pacific organisations spend a larger proportion of their IT budget on security than their North American and European counterparts, and most expect their IT security budgets to remain the same or increase this year, according to a new study by research house Gartner.
The average percentage of the IT budget dedicated to security in the Asia Pacific is around 15 per cent, according to the survey.
The March 2008 research research covered 156 IT security professionals in Australia (50), China (54) and India (52).
Despite an economic downturn in the US, 40 per cent of Asia Pacific organisations surveyed said their 2008 IT security budget has increased over what it was in 2007, while 45 per cent claimed it had remained “about the same”.
Security spending drivers
Data security and lack of skilled resources ranked among the top concerns of organisations in Asia. However, more than 30 per cent did not include standards or government regulations on the list of what is driving their IT security spending.
More Chinese (46 per cent) and Indian (56 per cent) respondents said they were spending “significantly more” or “somewhat more” in 2008 than their Australian counterparts (18 per cent).
“This reflects the difference between mature and emerging markets, which are still hungry for security solutions,” said Matthew Cheung, senior research analyst at Gartner. “While the impact of the US economic downturn had yet to be felt in Asia Pacific at the time the survey was done, investment in security technology, services and staffing is viewed as critical and cuts in this area are not considered a result.”
However, increasing security budgets may not improve an organisation’s purchasing power, according to the research.
“Growing inflation rates in the region are putting pressure on vendors’ prices. One way that you can get more for less is to consolidate spending by sourcing from fewer vendors and get discounts by spending more with fewer vendors,” Cheung said.
Premature IT security in AP
“This AP level of spending is relatively high compared to organisations surveyed in Western Europe and North America,” said Cheung. “This may be due in part to the heavy concentration of small and mid-size businesses in this region, as well as a relative lack of maturity in security.”
Data security is the top driver for security spending in organisations in the three countries surveyed, reflecting growing concerns about personal data privacy, especially in government, financial services and healthcare. While most of the top concerns in Asia Pacific are similar to other regions, Asian organisations ranked “lack of internal skills/resources” higher.
“There is a shortage of IT security personnel and related resources in emerging countries such as China and India, which are still premature in developing IT security measures and policies,” said Cheung.
In contrast to Western Europe and North America, government regulations and industry standards are not the primary driver for security spending in Asia Pacific.
Greater emphasis on ISO
More than 30 per cent of respondents in Asia Pacific chose “none” of the government or industry standards on the list of what is driving their IT security spending. However, 12 per cent of respondents claimed “ISO standards” are driving security spending, reflecting the importance of quality control in countries that rely heavily on exports of products and services.
“Compliance is more important in mature markets where governments are increasingly enforcing laws and regulations,” said Cheung. “In Asia Pacific, IT security spending is driven from a business perspective rather than a regulations or standards perspective.
“That means businesses are more paying attention to customer needs like privacy, and critical information like financials, than to external factors. These business pressures push Asian organisations to continuously invest in IT security solutions that are crucial to their brand name, integrity and accountability, as well as to business success in the region.”
