As a rule of thumb, corporate security budgets have tended to average around 5% to 8% of overall IT budgets.
Symantec EMEA-region CTO Darren Thomson notes that this is based on several assumptions: that the threat landscape is not becoming more complex, and that infrastructure requirements are growing at a reasonably steady pace. Neither of these assumptions are valid today, he says.
First, as attackers begin using machine-learning or artificial intelligence, or tapping vast, poorly secured internet-of-things networks, their attacks are becoming more sophisticated. Second, many organizations are now shifting to hybrid security systems that include cloud-based elements, producing parallel security environments that must be managed and maintained.
Additional pressures stem from the costs of complying with laws such as Europe’s General Data Privacy Directive, and the rising cost of salaries driven by a worldwide shortage of IT-security skills, he says.