More IT Dollars Headed for Security

Heightened security concerns are forcing companies to devote an increasing amount of their tight IT budgets to security, whether that means buying security software and turning to managed security services.

According to Dataquest, Inc. the worldwide security software market is expected to reach $4.3 billion in 2002, a 18 percent increase over revenue of $3.6 billion in 2001.

“Enterprises are looking particularly at defensive security technologies such as antivirus software, intrusions detection systems and firewalls,” said Colleen Graham, industry analyst for Gartner Dataquest’s Software Industry Research group. “Technologies such as biometrics and other forms of authentication are also getting a great deal of attention, but because of the high cost of rolling out such technologies, mass adoption of these products will not occur before 2003.”

The telecommunications and communications industries led the way in security spending in 2001. But in 2002, with security a front page issue, government, education, IT and financial services are expected to increase security software spending while telecommunications, communications and services are projected to cut back.

“Financial services companies are critically concerned about the infrastructure-dependent nature of the industry and are anxious to prevent outages, such as those suffered after Sept. 11, from occurring again,” Graham said. “Government and defense will increase spending in reaction to public concern about the shamefully low scores received in security audits performed in reaction to increased concerns about the security of the government IT infrastructure.”

It’s not just the Sept. 11 attack that put security on everyone’s mind. Several well-publicized hacks, virus outbreaks and distributed denial of service attacks in the past year thrust the need for security into public awareness, ultimately boosting the market, according to Dataquest.

The U.S. market for managed security services was approximately $720 million in 2000, according to International Data Corp. (IDC). But IDC expects the market to escalate to $2.2 billion by 2005, displaying a compound annual growth rate of 25.4 percent between 2000 and 2005. Competitors in the managed security market include network/systems integrators, service providers or xSPs, technology owners and pure-play security service firms.

IDC found the most apparent opportunities for managed security service providers (MSSPs) are within the small to medium-sized business market, where customers have strong security needs, but limited information security skills and resources.

“The managed security services market is being driven primarily by resource constraints to capital and security expertise, as well as the growing complexity of networks and rogue access points, which exponentially increase exposure to vulnerabilities and threats,” said Allan Carey, senior analyst of IDC’s Information Security Services research service. “These factors combined are drastically affecting the way organizations approach risk mitigation. Customers want information security solutions to seamlessly integrate into the network, ensure scalability, and provide a measurable return on investment.”

According to a survey by Information Security magazine, almost half of the more than 2,500 organizations surveyed were hit by a Web server attack in 2001, nearly double the number hit in 2000. Viruses, worms, Trojans Horses and other “malware” infected 90 percent of these organizations, even with antivirus protection in place at 88 percent of the organizations surveyed.

The survey also found that nearly one-third of surveyed enterprises froze security spending at some time in 2001 because of adverse economic conditions.

Related reading