Financially motivated targeted attacks are becoming more prevalent and new vulnerabilities continue to be reported, but 90% of these attacks can be avoided without requiring any increase in security spending, according to Gartner. Gartner says that the average enterprise is spending more than 5% of the IT budget on security and close to 12%, if disaster recovery spending is included.