Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

Only 13% of businesses admit they track the value of their IT security investments

A whitepaper by market intelligence and advisory firm IDC, sponsored by Cable & Wireless and Nokia, urges businesses to recognise the value of IT security not just as a cost but as a way of persuading stakeholders that risk is being managed effectively. Despite a high level of boardroom interest in IT security decisions, only 13% of businesses attempt to demonstrate the value of IT security expenditure by actively tracking its return on investment (ROI).

In a survey of 100 CIOs, CTOs and IT Directors to evaluate the changing perceptions of IT security in a business, IDC discovered conflicting views about its value:
• 71% of respondents said IT security decisions have a ‘medium to very high’ level of board involvement;
• At the same time 90% place IT security in their list of top five IT priorities;
• Despite this prominence, IT security is not considered a business investment with only 13% of the group actively tracking its ROI;
• Only 15% of respondents place IT security in the ‘risk management’ domain suggesting a low understanding of the impact of IT security on a company’s risk management strategy.

“Risk management assessments are becoming an increasingly important way of measuring a company’s success due to the growing focus on corporate governance and management accountability,” said Gordon Morris, analyst, IDC. “Now that IT is firmly recognised as a business enabler, with IT security commanding the highest priority, taking a risk management approach to prove the value of IT security provides companies with a meaningful way to measure its business benefit. Many organisations try to do this with direct ROI models, but this fails to reflect the business value provided by an effective security policy.”

The whitepaper also examines the value of outsourcing to help mitigate risk in IT. IDC’s research found that fewer than 10% of respondents outsource any of their IT security functions. However, the whitepaper recommends that by partnering with third party experts, companies gain a level of expertise in IT security that would be expensive to replicate internally. In turn, this expertise demonstrates proactive risk mitigation to an organisation’s stakeholders.

Ionut Ionescu, director of security services, Cable & Wireless, said, “If an organisation takes a risk management approach to IT security it can demonstrate measurable benefits to the business. Furthermore, an outsourced IT security service provides assurance to all the company’s stakeholders that the full range of risks are understood and being managed most effectively – this doesn’t mean ‘handing over the keys to strangers’ but working in partnership with experts for the best result.”

Andrew Steggles, marketing director, EMEA, Nokia Enterprise Solutions, added, “Businesses have a responsibility to all their stakeholders, including board members, shareholders, insurers, customers, partners and employees, to demonstrate that their risks, including IT risks, have been fully mitigated. By doing so a business will find it easier to secure insurance cover, attract institutional investment, recruit and retain customers and prove the case for internal investment enabling the business to grow.”

Although a minority of those surveyed already measure the benefits of IT security, IDC believes that they are the vanguard of a swing in attitude. This is backed up by the 6% of respondents that placed responsibility for IT security as a joint partnership between risk management and IT departments. This mirrors IDC’s recommendation suggesting that the responsibility for IT security lies somewhere between the two separate departments requiring their combined expertise when planning and implementing an IT security policy.

- Ends -

About Cable & Wireless
Cable & Wireless is one of the world's leading international communications companies. It provides voice, data and IP (Internet Protocol) services to business and residential customers, as well as services to other telecoms carriers, mobile operators and providers of content, applications and internet services.

Cable & Wireless’ principal operations are in the United Kingdom, continental Europe, the United States, Japan, the Caribbean, Panama, the Middle East and Macau.

For more information about Cable & Wireless, go to

About IDC
IDC is the premier global market intelligence and advisory firm in the information technology and telecommunications industries. We analyze and predict technology trends so that our clients can make strategic, fact-based decisions on IT purchases and business strategy. Over 700 IDC analysts in 50 countries provide local expertise and insights on technology markets, and our management team is comprised of experienced and respected industry luminaries. Business executives and IT managers have relied for 40 years on our advice to make decisions that contribute to the success of their organizations. For more information about IDC, go to

About Nokia
Nokia is the world leader in mobile communications. Backed by its experience, innovation, user-friendliness and secure solutions, the company has become the leading supplier of mobile phones and a leading supplier of mobile, fixed and IP networks. By adding mobility to the Internet, Nokia creates new opportunities for companies and further enriches the daily lives of people. Nokia is a broadly held company with listings on six major exchanges. More information on Nokia is available at

This press release was distributed by ResponseSource Press Release Wire on behalf of Pleon in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit