Forrester's latest Security Survey findings published

I wanted to announce that the reports based on our annual Security Survey of nearly 2,000 organizations are live as of Monday, January 25. These are among our most widely-read security reports, with insight into IT security priorities, challenges, state of compliance efforts, and of course adoption of security technologies and services.

The two reports are:

Here’s a taste of some of the findings:

  • Security budgets, which didn’t take too much of a hit overall last year, continue to fare well. Most notably, budgets for acquiring new security technology are recovering quite strongly. But insufficient staffing is still going to be an issue in 2010. Top security technologies areas identified for growing investment are network security and data security (for a slightly alternative view to data security spend and related 2010 prognostications, see Andrew Jaquith’s report, “Data Security Predictions 2010”).
  • The top IT security priority remains data protection. Notably, managing vulnerabilities and complex threats moved several slots up the ranks to become the #2 IT security priority today.
  • Across the board growth expected in adoption of various managed security services, with vulnerability assessments being the service organizations are most interested in adopting “over the next 12 months” (Sept 2009 – Sept 2010).
  • Compliance with PCI continues to look pretty abysmal. North American organizations are still not where they should be, and the level of PCI compliance in Europe is especially poor.
  • Organizations are expecting to investment big in client security, with renewed spending on more mature threat management technologies while simultaneously taking emerging data protection technologies mainstream.

Finally, some other observations from the data:

  • Diminishing distinctions between SMBs and enterprises with respect to priorities, challenges, and tech adoption. This is a continuing trend, and one that my colleague and economist-in-residence Andy Bartels is seeing across many segments of IT.
  • Not to minimize the fact that security concerns impede adoption of cloud, but security decision-makers expressed even more concern about consumerization (smart phones, web 2.0, etc). In general, this follows the broader trend of IT losing centralized control of technology adoption, deployment, and use. It’s not just consumer technology like iPods and use of Facebook or Twitter; it also shows up in the uncontrolled proliferation of SharePoint sites by business groups, or in the use of cloud compute services by application developers. All that aligns well with Forrester’s identification of the megatrends most affecting the technology industry.



re: Forrester's latest Security Survey findings published

Very valuable reports. I have last year (2008-09) reports and was eagerly waiting for newer versions. Although i missed the comparison of spending in different software services with those of security services. I was looking for this info and found it in one of the reports in Gartner, that would definitely be a suggestion to Forrester to work on such reports in future.

re: Forrester's latest Security Survey findings published

Thank you for your comments. Because there are so many value data points and insights from our Security Survey, we purposely keep this report focused on the data itself and an analysis of that data.
We do indeed look at spending across the security market as a whole as well as within different types of products and services segments. This analysis exists in a separate report, “Market Overview: IT Security In 2009” at, published in April of last year. We’ll be coming out with an update to that in a few months. Stay tuned!