By Tamlin Magee
Jan. 4, 2017
A report issued by Gartner in August 2016 found that there is a tendency to throw money at security - but this does not necessarily boost the effectiveness of an organisation's security.
In 'Identifying the Real Information Security Budget', Gartner found that spending analysis was often imprecise for more mature organisations, and although CISOs might feel compelled to check their budgets against industry standards, each organisation will have very different security needs - and so will define their budgets differently.
Gartner recommends that understanding and managing risk is at the core of delivering a successful security budget - spending might dip or swell depending on these risks, and that is to be expected when the threat landscape is naturally so volatile.