Security spending doesn't match risks

Security breaches cause more than $15bn worth of damage worldwide every year, yet total investment on network security is only half this, according to a study by analyst Datamonitor.

A report published today by Datamonitor reveals that despite numerous high-profile attacks by hackers and the damage caused by viruses such as the Love Bug, companies are still not taking ecommerce security seriously.

More than half of businesses worldwide spend only five per cent or less of their IT budget on securing their networks, according to Datamonitor, which believes this lack of investment is a barrier to the effective growth in ecommerce, total revenues for which it expects will exceed $6tn.

However, these forecasts will fall short without security issues being resolved. Without adequate protection companies leave themselves open to damaging their brand, network downtime, lost data and wasted manpower dealing with security breaches.

"Many ebusinesses are still ignorant about the risk they are exposing themselves to, despite the fact that a significant number of companies have already suffered problems with unauthorised access, and even Microsoft has been subject to hack attacks," said Datamonitor e-security analyst Ian Williams.

Alarmingly, after interviewing 300 IT managers on the subject, Datamonitor concluded that 30 per cent of IT managers believed the security measures they had in place were inadequate to protect against hack attacks or rogue computer viruses.

According to Williams, security solution providers are best placed to educate businesses on the security technologies available to them, and how users can see a return in investment.

He added that vendors are positioning themselves through partnership or acquisition to provide more complete offerings, but building a secure infrastructure remains a "large jigsaw puzzle".

Williams said there is no "silver bullet" solution that would protect a company's infrastructure against security attacks, particular as fresh security risks are emerging as companies adopt mobile communications technologies. Security is a business issue and not just about technology, he added.

In the report, entitled eSecurity - Removing the Roadblock to eBusiness, Datamonitor predicts security spending will increase from $8.3bn now to $30.3bn in 2005 - a growth rate of 28 per cent year on year.

Public key infrastructure and virtual private networks will be the largest areas of growth, with global investment reaching $2.6bn and $3.9bn respectively by 2005.

Spending on ecommerce security services will also treble from an estimated $4.3bn in 2000 to $11.9bn in 2005, with uptake particularly strong among smaller businesses.