Why Hackers And Regulations Cost The Earth

It’s a shocking thought, in times when efficiency means life or death, but five to ten percent of your IT budget may be producing no direct benefits at all.

I can’t say this is wasted money, because I’m talking about your security budget. We know that’s essential spending, because without it, your business could be over very quickly. There’s another “essential” but not directly productive part of your budget too – and that’s the one that goes towards making sure you meet various regulations.

Security and regulations don’t produce benefits; they just prevent mishaps. It’s worth asking: how much of your IT resources only exist to protect against attacks by malware and hackers – and less dramatically, to maintain a clean bill of health with the red tape merchants? And how much of the environmental footprint of your IT is being expended just to stand still in ongoing wars of security and regulations?

There’s been a rule of thumb that around five percent of a small business’s IT budget should go on security measures. For larger organisations, the percentage goes up – and for the US Department of Defense, it seems to be far higher. The department reported it had spent $4 billion (13 percent of its $33 million 2009 IT budget) on security – but there is apparently another million dollars hidden in other IT programmes.

Figures for the percentage of your budget that goes on meeting Sarbanes-Oxley or other regulations are even harder to dig out, but they are significant.

One thing seems fairly sure – whatever percentage you spend on security, it’s not likely to go down this year. IT budgets may be flat, but the attacks continue. And there are moves to build IT out into more parts of the enterprise, which could vastly increase the attack surface available to hackers.

This is likely to drive a more service-led security model, according to IBM’s Marc Van Zadelhoff. This might enable businesses to keep up without having to increase their expenditure so fast, he argues.

And regulations aren’t going to go away. There was a burst of them after the Enron scandal, supposedly to prevent further damage from corporate greed. The current banking crisis perhaps shows just how little use those regulations have been, but it will no doubt inspire a new set, along with new demands on IT.

Both these forces add up to more demands for IT to meet, and more resources expended, with consequences for the IT budget – and the environment. Hackers and regulators alike have a lot to answer for.

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud.
