While this is the overall figure for local industry according to Meta Group security and risk strategies analyst Michael Warrilow, there are some exceptions like financial services, where the spend is closer to 6 per cent.
Even the paltry figure of 2 per cent is overly-optimistic for some industries, Warrilow said, adding that this is despite the fact that more than 40 per cent of Australian companies surveyed in the 2003 AusCert Computer Crime and Security Survey suffered at least one security breach in the past 12 months.
Previous forecasts predicted the IT security spend would reach 5 per cent by 2003, but Warrilow said it will take another two years as "times are not getting any easier".
While financial services are the market leaders, Warrilow said the public sector needs to reach the 6 per cent figure to successfully implement its e-government initiatives.
He said IT spending by utilities in the energy sector is skyrocketing as a result of critical infrastructure pressures, but there are still plenty of laggards in areas like manufacturing. The automotive industry is an exception, however, due to the value of intellectual property.
Releasing its first global security survey of the top 500 global financial institutions this week, Deloitte Touche Tohmatsu surveyed 80 chief security officers (SCO) and found 63 per cent of respondents perceive spending on IT security to be a "necessary cost of doing business rather than a discretionary expense".
However, key concerns the CSOs listed included the increasing sophistication of threats, and the need to maintain adequate ongoing funding.