Spending on IT security is expected to rise rapidly as companies devote more of their budgets to fighting hacking and virus attacks.

Fears prompted by the discovery of four viruses in the last two weeks have forced companies to reconsider the importance of security spending.

Risk assessments now routinely include IT security in reports, and the insurance industry has started to insist on rigorous IT security if premiums are not to increase.

"In security, in general, people fix things that break but not things that don't," said Ian Kilpatrick, chairman of Wick Hill.

"The only plus side of the SoBig virus is that it has forced people who've been sitting on their hands to check where their hands are. Companies are now focusing on security spending that works."

According to a report out last week from analyst Datamonitor, security spending looks set to rise for at least the next three years and will consistently outperform other areas of the IT industry.

The report found that enterprise security products generated revenues of $7.1bn in 2002, while global enterprise investment in security products is predicted to rise to $13.5bn in 2006.

"The danger of all this press over SoBig is that people take their eyes off the biggest picture," said Graham Titterington, senior analyst at Ovum.

"The real message from the SoBig virus is that before lashing out with spending you need to get the IT staff the resources to actually do their jobs."

The report found that intrusion protection, vulnerability assessment solutions and security management tools are tipped to be key revenue generators in the next three years.