Business IT security spend to double

Companies are tipped to nearly double their IT security spend from two-and-a-half percent to around four percent of their total technology budget next year, vendors at a recent IT media conference said.

Kevin McIsaac, an analyst with META Group, told journalists at the inaugural MediaConnect Face the IT Media conference in Queensland, that despite the sluggish spending of recent years, IT budgets would start to grow again with particular reference to security technologies.

'IT spending has really been through a decline the last couple of years. People are spending a bit more now this year - to 2.5 percent. Also it will go to nearly 4 percent next year,' he said.

McIsaac said, however, that CFOs and CEOs would likely continue to hold the company purse strings, in line with the business case holding more weight than the technology itself in buying decisions.

'Security is [now] considered to be a business issue and not just an IT issue,' he said.
McIsaac added that less than half of companies had a formal anti-virus policy.

Businesses should consider product, people and processes together when developing effective security practices, he said, hinting at the focus that would reap the biggest gains for the channel.

'Today, they have the technology but they really know what to do with it and they know even less than that on education [of staff],' he said.
McIsaac said MessageLabs had reported that one in 200 emails passing across its network contained a virus.

'Patching is a horrific problem today. Very expensive and time-consuming,' he said. 'And 90% of laptops by 2005 will have WiFi - so everybody's walking around with their own portable security breach.' Security vendors agreed with McIsaac.

John Donovan, MD of Symantec in Australia and New Zealand, said the nature of the malware threats was now such that security needed to be proactive and harness people, processes and technology to combat it.

'Within 10 minutes, SQL Slammer had infected about 250 million SQL servers worldwide. So the time is very short,' he said.

Businesses would increasingly find that vulnerabilities were being exploited faster than vendors could produce patches to defeat them. A new approach was needed that would place the ambulance at the top of the cliff rather than at the bottom, Donovan said.