Why Hackers And Regulations Cost The Earth

It’s a shocking thought, in times when efficiency means life or death, but five to ten percent of your IT budget may be producing no direct benefits at all.

I can’t say this is wasted money, because I’m talking about your security budget. We know that’s essential spending, because without it, your business could be over very quickly. There’s another “essential” but not directly productive part of your budget too – and that’s the one that goes towards making sure you meet various regulations.

Security and regulations don’t produce benefits, they just prevent mishaps. It’s worth asking: how much of your IT resources only exist to protect against attacks by malware and hackers – and less dramatically, to maintain a clean bill of health with the red tape merchants? And how much of the environmental footprint of your IT is being expended just to stand still in ongoing wars of security and regulations?

There’s been a rule of thumb that around five percent of a small business’s IT budget should go on security measures. For larger organisations, the percentage goes up – and for the US Department of Defense, it seems to be far higher. The department reported it had spent $4 billion (13 percent of its $33 million 2009 IT budget) on security – but there is apparently another million dollars hidden in other IT programmes.

Figures for the percentage of your budget that goes on meeting Sarbanes-Oxley or other regulations are even harder to dig out, but they are significant.

One thing seems fairly sure – whatever percentage you spend on security, it’s not likely to go down this year. IT budgets may be flat, but the attacks continue. And there are moves to build IT out into more parts of the enterprise, which could vastly increase the attack surface available to hackers.

This is likely to drive a more service-led security model, according to IBM’s Marc Van Zadelhoff. This might enable businesses to keep up without having to increase their expenditure so fast, he argues.

And regulations aren’t going to go away. There was a burst of them after the Enron scandal, supposedly to prevent further damage from corporate greed. The current banking crisis perhaps shows just how little use those regulations have been, but it will no doubt inspire a new set, along with new demands on IT.

Both these forces add up to more demands for IT to meet, and more resources expended, with consequences for the IT budget – and the environment. Hackers and regulators alike have a lot to answer for.

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud.
