“It’s been a tumultuous decade for IT spending. In the recession that started in late 2000, many enterprises slashed IT investments wherever they could, except for IT security, which saw many businesses increase investments. Then, following the financial and mortgage meltdown, after a few years of growth, IT budgets remained flat, while investments in security and regulatory compliance initiatives still managed to remain strong.
Today, the relative strength of IT security spending compared to other aspects of IT is starting to show its age. According to the responses to this year’s CSO/CIO/PwC Global Information Security Survey, more enterprises are deferring IT security spending and cutting costs where possible. In fact, nearly half of all of those surveyed said they trimmed security costs last year. While only a slim majority, 51%, said they will increase security spending next year.” (http://www.networkworld.com/news/2011/101311-a-penny-251939.html)
Not something you really want to hear as an IT security student, am I right? IT security is not an asset; it’s a liability. Unless you work for a place like McAfee, Symantec, or a penetration testing company, your job and what you do cost the business money that could be spent elsewhere.
At the first job I ever had, my boss told me, “You should always keep in mind two things: Save me money, and make me money.” Good words to live by, in my opinion. The head honchos are always looking for ways to save and make money, and having a huge security budget generally does not help unless you can spin it as a selling point. For example, if you’re a bank, it would be a good draw for customers to know that you have “the world’s most secure systems”.