Gartner: Security Tax Break Bill Is 'Misguided'

Security analyst John Pescatore says companies should be encouraged to spend money on preventing security problems rather than fixing them after they occur.
In the wake of the Sept. 11 terrorist attacks, there have been plenty of ideas about ways to improve security: Some were good, some were bad. John Pescatore, security analyst with Gartner, says House Bill 2970 falls into the bad category. The bill, which was proposed by Rep. Jerry Weller, R-Ill., would give companies a tax break for investing in security devices. Qualifying investments would include products such as camera surveillance devices and locks, as well as authentication tools such as biometrics and smart cards.

But Pescatore says the bill is "misguided" and should instead encourage companies to spend money on preventing security problems rather than fixing them after they occur. Security spending is increasing, but so is the number of cyberattacks. Gartner has estimated that companies spent 2.6% of their IT budget on security in 2000 and will spend 3.3% this year and 4.1% next year. "This spending will now go even higher as a result of the attacks and new emphasis on security," Pescatore says. But he says that companies are feverishly fighting the symptoms rather than facing the core issue of inherently insecure products. "You are rewarded for throwing up firewalls and biometrics, but not for buying more secure products in the first place."

Pescatore says the government--as well as the free market--should use other incentives to force vendors to ship more secure software. For example, he says, tax breaks should be given for providing security training to software developers and for research that improves the security of infrastructure software. Says Pescatore, "This bill, if it becomes law, will just exacerbate the existing problem we have with vulnerabilities and patches."