A year ago, 54% of security spending was aimed at keeping viruses, worms, spam, spyware and other cyber threats outside the perimeter; now it’s at 33%. Meanwhile, authentication and encryption have gained to account for over one quarter of security projects, a big jump from just 7% a year ago.
Our latest IT Prirorities data shows that spending on cyber threats has dropped significantly in recent months, freeing up resources for what may be long-awaited authentication, encryption, and disaster recovery projects.
Computer virus threats have relatively calmed down in recent months, which can help explain why security initiatives have shifted gears. A quick look at Symantec’s Security Response page shows the latest discovered threats sporting no more than a category 1 (very low) or 2 (low) risk level. TechRepublic said yesterday that there aren't any immediate threats lately, just plenty of news coverage around IM/P2P threats, the first potential risk for Windows Vista, and the Cisco site vulnerability. But that doesn't mean security pros are easing up. Spyware and spam continues to be a major threat to enterprises.
But last week, we found that security dropped out of the top 5-ranking in our IT Priorities survey for this month, which suggests that the perennial task of keeping cyber threats at bay is either getting easier, or is no longer an isolated process under the control of security professionals. Instead, as this frequent Talkbacker suggested, some of that responsibility may be falling under a different jurisdiction, particularly IT management.