Security software and services spending will outpace other IT spending areas in 2010, according to a new survey by Gartner.

Security software budgets are expected to grow by about 4% in 2010, outpacing all other areas of infrastructure software. Security services budgets are projected to grow almost 3%, significantly outperforming other service areas.
In April and May of 2009, Gartner surveyed more than 1 000 IT professionals with budget responsibility worldwide to determine their budget-planning expectations for 2010.
“In the current highly uncertain economic environment, with overall IT budgets shrinking, even the modest spending increases indicated by the survey show that security spending accounts for a higher percentage of the IT budget,” says Adam Hils, principal research analyst at Gartner. “Security decision makers should work to allocate limited budgets based on enterprise-specific security needs and risk assessments.”
Specific areas of projected security-related software spending growth in 2010 includes security information and event management (SIEM), e-mail security, URL filtering, and user provisioning.
The continued, comparatively strong emphasis on security extends beyond software. The survey showed that security services spending will also outpace spending in other services areas, with budgets expected to grow 2,74% in 2010. This anticipated increase is being driven in part by a growing movement towards managed security services, cloud-based e-mail/web security solutions, and third-party compliance-related consulting and vulnerability audits and scans.
“When evaluating and planning 2010 security budgets, organisations should work to achieve a realistic view of current spending and recognise that it may be impossible to capture all security-related spending because of organisationally diffused security budgets,” says Ruggero Contu, principal research analyst at Gartner.
“Businesses should also recognise that new threats or vulnerabilities may require security spending that exceeds the amounts allocated, and should consider setting aside up to 15% of the IT security budget to address the potential risks and impact of such unforeseen issues.”