Security Manager Statistics and Surveys 2009By: John Honovich, Published on Oct 03, 2009
The needs and constraints of security end users are key elements in determining the selection of security technologies such as video surveillance. This is even more important over the last year as significant economic changes have occured.
In this premium report, we analyze and reference 7 different public surveys of security end users from the last 6 months.
The most consistent findings we see include:
- Most security budgets have been negatively impacted with a sharp increase in the importance of price in decision making
- The role of IT continues to increase though its exact form remains debatable (i.e., will IT control purchasing or recommend, etc.)
- Analytics interest remains lower than other emerging video surveillance technologies with some indicators that interest is actually decreasing
- 61% of end users report that budget/funding are their company's biggest obstacle in achieving a more secure workplace. This is up 14 percentage points compared to 2008.
- In answering directly about the recession's impact, only 13% report spending the same as always. The overwhelming majority report being negatively impacted including 36% 'having to cut down considerably' and 18% 'spending delayed as much as one year.'
- Cost is also the biggest complaint that end users have with their security systems, with over half citing it as a concern (54%). This is up 20 percentage points from the previous year.
- Among video surveillance technologies that end users report the greatest interest in, video analytics dropped the most. In 2009, only 35% report interest in video analytics while 2x the amount are interested in IP video.
- While the overwhelming majority of end users said they believed security systems could reduce the need for manpower, the amount disagreeing has doubled since 2007 (going from 9% to 18%). I would speculate that the main reason for this is the failure of video analytics which where widely believed to be a key driver in reducing manpower costs.
- Exploring the relationship between IT and security, only 5% reported to be in charge of both IT and security (though this number was only 2% in 2008). 33% of respondents report IT having an equal or primary role in purchasing security systems (up 12 percentage points from 2008).
- 62% of security managers report that they have purchased products directly from manufacturers or from wholesale distributors (up 10 percentage points from 2008). This is a very high percentage but the framing of the question likely skews it higher. The question asks if the respondent "ever purchases" rather than usually or primarily. It is likely that most end user primarily purchase through integrators. However, as we debated in the "Should I Buy IP Cameras Online?", this trend is growing.
Budget Cuts for Security Programs
In a survey of over 250 security managers conducted in January 2009, the Security Executive Council is reporting significant drops in security department budgets (see their executive summary from their research section). Key statistics include:
- 52% respondents report budget cuts
- Average general budget reduction of 5%
- Average Capital projects / equipment decrease was 11%
- [Note: averages above were calculated by weighing statistics from the increasing and decreasing charts in the executive summary]
- Video was one of the two most common tactics to increase security with decreasing budgets
Security Convergence Survey
In June 2009, Security Management released convergence survey results from large scale security departments. It is a long and detailed report worth reading in full. Here are some interesting aspects:
- About 2/3rds of video surveillance systems use the existing IT networks (though some are linked but not fully integrated). However, a significant number of video surveillance systems are completely separated from the IT network. The downside of complete separation is severe restrictions on who can physically access the video surveillance system (unless they have a network line off the physical security LAN).
- 73% of IT managers report to top level management while only 40% of security managers do. This certainly indicates that IT is considered more 'important' than security.
- Only 11% of security heads have the title of CSO while 57% have the title of Director and 20% use "Manager". Despite the constant talk of industry people about the CSOs and the importance of CSOs, the title is still quite rare in the corporate world.
- 70% of security departments said they used proprietary security management systems. I am not sure what this means because basically every security system is proprietary at the application level (manufacturers may have 'open' APIs but they are all proprietary implementations with no standards to define interoperability).
- 29% reported that their Building Automation System was integrated with their security system. This sounds high but the average revenue level of the respondents was $1 Billion USD so this likely reflects the minority of very large companies rather than companies in general.
- Only 10% said their relationship with IT was difficult. 88% said it was cooperative or highly productive.
- Only 16% of security departments said that they had a higher rank than IT in their companies. This is not surprising. On the other hand, I think video surveillance companies misread this into thinking that IT will, therefore, make physical security decisions. (See our debate about IT in physical security).
Security 500 Large End User Survey
Security Magazine has a number of reports that provide statistics/market trends. Their Security 500 report contains market statistics for security spending broken down by market segments.
- The report claims that Federal/State/Local Government spends $5,684 USD per employee while education: K-12 spends only $211 USD per employee.
- The only segments they claim security spending will grow over 10% in 2009 are "business services" and "energy/utilities."
- In their trends analysis, they claim that security will become more important for corporations. However, there's no theory/explanation provided inside the deck that explains how or why this is happening. Indeed, it's probably more likely that given the recession, security priorities are generally declining as budgets are cut.
The Security 500 end user rankings has a directory of 500 end users and their Points of Contact. The directory is divided into over a dozen segments including education, energy, government, health care, industrial, etc.
This is part of the Securing New Ground Conference held yearly in November.
A June 2009 survey of CSOs was released. Key findings include:
- This year 70% of security managers agree that the security leader's role is viewed as strategic and permanent. This is up from 14% in 2004. However, the article does not explain the reason for this increase.
- 50% of organizations use no formal financial methodology for security budgeting. I am not surprised and suspect this number is even higher as respondents may want to give an answer that sounds better. Also, this question was offered as multiple choice so the accuracy is questionable.
54% of organizations do not use a formal enterprise management risk program. That's a high number but one that I am not surprised at. This is probably even higher for smaller organizations.
IT Role in Security from IMS
IMS recently released a report/survey on IT decision making in the security industry. The key themes is that IT is playing a greater role than ever before (more than 60% of IT managers are involved in decisions). SSN has an article citing an example from Honeywell on this point. Honeywell explains how they had to reduce the number of ports they used because of IT's concerns.
What remains unclear in these discussions is the exact role IT has. The Honeywell example is more of a IT 'veto' where IT can block a product. This is similar to situations where facilities blocks a product (or a deployment) because a security system requires the use of power, mounting on building or wireless spectrum. [As a side note, opening too many ports is a very common problem for video surveillance products]
Convenience Store Security Manager Survey
Of the 125 respondents, 100% use video surveillance and they all use it for loss prevention - to be expected. However, 25% of respondents say their systems are not connected to any network. This may be somewhat surprising but it reflects the reality of many stores being in remote locations and having poor network connectivity - often only dial-up even in 2009. On the other hand, this segment has been shrinking for years and will continue to shrink.
Only 25% use audio recording at the counter and 8% use IP cameras.
Perhaps the most interesting point is that none of the 125 convenience stores are using video analytics. I don't find this surprising. Convenient stores do not have a lot of money to spend on such offerings and the types of analytics that would provide value in their environment are more story than reality.