Security has finally become an item on the corporate agenda but many companies are taking the wrong approach to addressing the issue, according to research by IDC.

In its Security Services: Protecting the eBusiness Infrastructure report, published this week, IDC argues that many companies rolling out ebusiness programs are failing to formulate and apply an appropriate security policy, which is needed to properly secure their internet infrastructures.

Sandra Baccari Edler, research analyst from IDC's European business infrastructure and technology services programme, warned that companies with piecemeal security in place are both at risk from crackers and at a competitive disadvantage to competitors.

"Companies are putting up walls or filling in holes and are not building a secure environment based on a cohesive, holistic security policy," said Baccari Edler.

"If ebusiness in Europe is to be successful, this approach will have to change. Security needs to be incorporated into a corporate culture - not treated as an add-on," she added.

IDC argues that due to a lack of forethought, companies commonly believe they are secure after implementing one or two security measures. Another common mistake identified by IDC is that companies tend to focus on keeping the bad guys out - without considering the needs of legitimate users from both inside and outside their organisations.

The researcher found that of companies that employ some security measures, virus detection software is by far the most popular choice with 97 per cent of respondents to its survey claiming use of it.

Other security measures employed by European companies drop in popularity as they increase in complexity and cost. The implementation of firewalls, used by 67 per cent of companies, is rather straightforward, while complex public key infrastructure technology - which require extensive management - are used by only nine per cent of the firms.

IDC also found that, fuelled by the explosion of ebusiness, the security services market in Europe is undergoing enormous growth. Increased access to company resources over the internet and the need for companies to protect their brand in cyberspace are other factors stimulating the expansion of the security market, which IDC characterises as being still in its infancy.

"Improvements in security will become a priority when legislation comes that will require companies on the web doing business to be secure or when security lapses affect the bottom line. Good security will not come through a watershed event, though awareness is getting there," said Baccari Edler.