Even as organizations adapt to the current global economic crisis with cost-cutting and restructurings, they are making investments to strengthen IT security. According to an global survey sponsored by CA, Inc., 42 percent of organizations anticipate an increase in budget for IT security, while 50 percent expect budgets to stay flat, and only eight percent anticipate a cut in their IT security budget. IT security budgets are being driven upward by the prospect of new regulations and a perception that restructurings will increase internal threats.

Already companies spend a significant amount of their IT security budget on compliance:

- On average, companies in North America spend 26 percent of their IT security budget on compliance initiatives, while companies in Asia Pacific spend 37 percent, and EMEA and South America spend 19 percent and 17 percent respectively.

- On average, 78 percent of companies surveyed globally believe that new regulations and mandates will increase IT spending and efforts.

- Survey responses showed that security budgets correlate to how regulated the company is. For example, an organization that is highly regulated and must comply with 50 or more regulations, spends about 3.5 times more on IT Security than a company that is more lightly regulated with fewer than 10 mandates.

"The need for companies to have the security systems, processes and reporting structures in place to help them verify compliance has always been one of the strongest drivers for security software such as identity and access management, security information management and data loss prevention," said Lina Liberti, vice president of marketing, CA Security Management. "Despite the need to cut costs, organizations continue to invest security tools that will help them automate labor-intensive, manual compliance procedures such as reporting, deprovisioning users' entitlements, and removal of orphan accounts. The goal is to automate compliance systems to reduce errors that can result in audit failures while demonstrating the value in an IT security investment more quickly through streamlined processes."

The economy also has forced many companies to restructure their organizations, which has often resulted in layoffs. Sixty-seven percent of mid-market companies and 73 percent of enterprise organizations believe that layoffs have increased the internal threat to IT systems.

Whether a security incident is caused by an internal or external threat, the impact on an organization in dollars and cents is significant, and it has an effect on security spending:

- According to survey respondents, security incidents at companies in North America report an average loss of nearly $418,000, with the majority of them reporting losses of more than $500,000. The real number is likely greater when factoring in lost time identifying and remediating the breach, and the damage to corporate reputation.

- Survey respondents that reported an increase in IT security spending also reported a higher number of internal and external incidents.