Companies view IT security spending as a "grudge purchase", with most businesses already having trimmed budgets as far as they can.
Further cuts risk "impacting core technology controls", a leading security adviser has warned. But businesses are also still more likely to take a reactive approach to information security, rather than to adopt a proactive strategy, which could be cheaper, and more effective.
The warning - from Neil Campbell, global general manager at Dimension Data, the IT services company - comes at a time when businesses are being forced to review their data security policies in light of the WikiLeaks diplomatic cable leaks and the subsequent cyber attacks on businesses.
Organisations still view IT security, as well as tools such as data leak protection, as insurance policies they have to take out. Only rarely do businesses see security as a revenue generator. However, more companies are building security into new business processes, Campbell told IT PRO in an interview.
"Customers are on a journey from being reactive to proactive when it comes to security," he said. "When you are reactive you wait for a security incident to occur. Then when it does, you end up spending too much on technology thinking the technology will fix it.
"If you are proactive, you have a much better understanding of what your risks are, so when an incident does occur you either have the right controls in place, or are willing to accept the consequences [of an incident]."
