The security of just about everything is now under a microscope, and that includes everything from customer data on consumer-facing Web sites to wireless corporate networks. As a result, International Data Corp., (IDC) expects the worldwide market for information security services to reach $21 billion by 2005.
Only 12.1 percent of U.S. companies with a Web presence cite direct financial loss as a concern of suffering an online security breach, according to research by Jupiter Media Metrix, but more than 40 percent are concerned about the impact that an online security invasion has on consumer trust and confidence.
The problem, according to Jupiter’s report is that these so-called “soft” concerns speak well of customer-focused operations, but their lack of direct financial value contribute to tremendously low planned growth in security spending. Jupiter recommends that enterprises outsource a significant portion of their Web site security technology to help them stay safe and under budget.
“While Code Red and other highly publicized security breaches have filled headlines, most Web site managers are not particularly concerned about the security of their site’s data,” said David Schatsky, Jupiter senior analyst and research director. “There is a fundamental lack of understanding out there when it comes to the gravity of security breaches. As businesses consolidate their enterprise data, it becomes easier for attackers to reach. Even if files on the Web server itself are relatively inconsequential, a hacker can reach through customer-facing applications to data used by other systems.”
A Jupiter Executive Survey from July 2001 found that 29 percent of Web site managers and CIOs rate their risk of attack as “low.” Nearly one-third of these managers classify their data sensitivity as “high.” According to Jupiter analysts, any business bothering to support a Web site should be concerned about an attack, and those who admit that their data is valuable to others should be doubly concerned.
“Do-it-yourself security is short sighted. If you’re talented and lucky, you can get by in a pinch, but it’s going to catch up with you. Security services should absolutely be monitored and managed internally, but you need expert advice, cutting-edge technology and a 24-hour emergency response team to make it work,” Schatsky said.
In addition to enlisting the aid of third-party firms, making security work won’t come cheap, either. According to IDC, the worldwide market for information security services grew to approximately $6.7 billion. By the end of 2005, IDC expects the market to more than triple to $21 billion at a compound annual growth rate of approximately 25.5 percent over the 2000 to 2005 period.
“The growing corporate appetite for remote LAN, Internet, extranet/intranet and wireless access services will drive the need for advanced information security services as technologies for circumventing network security systems continue to keep pace with the technologies designed to defend against them,” said Allan Carey, senior analyst with IDC’s Information Security Services research program. “The growth in this market will come from clients who recognize the value of engaging third-party service providers skilled at developing customized security strategies that solve real business problems. By implementing a best-in-class security architecture coupled with continuous monitoring and management of the infrastructure, security service firms enable clients to mitigate the risks associated with their business.”
IDC expects the financial services sector will continue to represent the largest source of information security services spending, growing from $848 million in 2000 to approximately $2.2 billion in 2005. Downtime equating to lost transactional revenue, the need to remain one step ahead of fraud and government regulations are all factors leading to the growth forecast in the financial sector.
The rapidly growing areas such as Asia-Pacific, Latin America and Western Europe will provide healthy markets for those companies providing information security services. IDC estimates that one of the fastest growing regions of the world for information security services over the next five years will be Asia-Pacific at 29.8 percent.
Although representing the smallest commercial sector in terms of services spending in 2000, the small business category (firms with 100 to 999 employees) will represent the fastest growing opportunity in the security sector through 2005. As small businesses continue to transition their networks to high-bandwidth architectures capable of handling a range of applications, from e-commerce to wireless, these organizations will invest more aggressively in security-related services.