What price security? Somewhere between $110 and $334 per employee, depending on the size of your company.
Economies of scale allow larger companies to spend less per employee, while companies in certain industries (transportation, high tech, and telecommunications, as well as federal and state governments) spend far more heavily per employee than companies in the medical, retail, and manufacturing sectors, according to the ninth annual Computer Security Institute/FBI Computer Crime and Security Survey.
When asked about security spending as a percentage of their overall IT budget, nearly half of the 494 respondents pegged it at 1 to 5 percent, 15 percent put it at 6 to 10 percent, 8 percent indicated that security accounted for more than 10 percent of all IT expenditures, and 14 percent said they didn’t know.
Asked about the metrics applied to security spending, fully one-third of the respondents stayed mum. Of the 320 who did respond, slightly more than half said security spending decisions were subject to ROI analysis, while the other half was split between net present value and internal rate of return.
Outsourcing of computer security has yet to take hold to any meaningful degree: nearly two-thirds of the respondents said they don’t outsource any aspect of security, and less than 1 percent said they outsource all of it. Slightly more than one-fourth of the respondents said they have signed on for some form of cybersecurity risk insurance.