Forrester's latest Security Survey findings published

I wanted to announce that the reports based on our annual Security Survey of nearly 2,000 organizations are live as of Monday, January 25th. These are among our most widely read security reports, with insight into IT security priorities, challenges, state of compliance efforts, and of course adoption of security technologies and services.

The two reports are:

“The State of Enterprise IT Security And Emerging Trends: 2009 to 2010”, at

“The State of SMB IT Security And Emerging Trends: 2009 to 2010”, at

Here’s a taste of some of the findings:

  • Security budgets, which didn’t take too much of a hit overall last year, continue to fare well. Most notably, budgets for acquiring new security technology are recovering quite strongly. But insufficient staffing is still going to be an issue in 2010. The top security technology areas identified for growing investment are network security and data security (for a slightly alternative view of data security spend and related 2010 prognostications, see Andrew Jaquith’s report, “Data Security Predictions 2010”).
  • The top IT security priority remains data protection. Notably, managing vulnerabilities and complex threats moved several slots up the ranks to become the #2 IT security priority today.
  • Across the board, growth is expected in adoption of various managed security services, with vulnerability assessments being the one service organizations are most interested in adopting “over the next 12 months” (Sept 2009 – Sept 2010).
  • Compliance with PCI continues to look pretty abysmal. North American organizations are still not where they should be, and the level of PCI compliance in Europe is especially poor.
  • Organizations are expecting to invest big in client security, with renewed spending on more mature threat management technologies while simultaneously taking emerging data protection technologies mainstream.

Finally, some other observations from the data:

  • There are diminishing distinctions between SMBs and enterprises with respect to priorities, challenges, and tech adoption. This is a continuing trend, and one that my colleague and economist-in-residence, Andy Bartels, is seeing across many segments of IT.
  • Not to minimize the fact that security concerns impede adoption of cloud, but security decision-makers expressed even more concern about consumerization (smart phones, web 2.0, etc). In general, this follows the broader trend of IT losing centralized control of technology adoption, deployment, and use. It’s not just consumer technology like iPods and use of Facebook or Twitter; it also shows up in the uncontrolled proliferation of SharePoint sites by business groups, or in the use of cloud compute services by application developers. All that aligns well with Forrester’s identification of the mega trends most affecting the technology industry.


Very good points!


Thank you for sharing your summary with us! I work pretty exclusively with the SMB space, and I agree that security is surely a major priority. The ones that are eschewing expenditures in this area are the ones we're charging for hours of labor to clean infections! I agree with your colleague, Andrew Bartels (a fine graduate of my local institute of higher education, Haverford College!). I see also spending in security on the rise, as well as a mixed bag on spending for an outside IT resource. Many SMB entities that decide on the latter, unfortunately, do so with the "lowest hourly rate" mentality in their minds. Often, these inexperienced decision makers will be unaware of the risks of entrusting their key resources to Uncle Harry's son-in-law who took a class or two in computers in college, or the technician who works for a large company but takes side jobs for extra cash. In more than one case I've seen that become a fatal error, especially in these times with every dollar spent being hyper-critical to the success or failure of an organization.

I think too "cloud computing" in some form is going to surprise this year. More and more we are taking customers into our private cloud which relieves them from the day-to-day worry of maintenance, connectivity and upgrades, and gives them peace of mind in knowing that trained professionals are there 24/7 to help. Even if it's just a one to five person entity, with the proliferation of laptop devices they can carry their business anywhere and work anytime. This may be the space that rivals security spending in 2010. It will be interesting to see!