IDC: Companies must spend more on security

Companies need to increase their spending on security technology in the coming years if they want to stay ahead of the increasingly sophisticated threats on their way, according to analyst house IDC.

IDC says that in 2003, businesses spent on average $42bn on security, compared to $43bn on printers and other peripherals, accounting for 4.8 per cent of total IT spending.

Historically, businesses have not invested as heavily in security as in other areas because it's been seen as an IT issue, not a business issue. And, says Duncan Brown, consulting director at IDC: "The business impact [of poor security] is substantially greater than the IT impact."

But this may soon change. IDC predicts the security market will grow to seven per cent of firms' overall IT budget by 2007. Of the security market, the mobile security software sector will grow at an even faster rate, increasing 71 per cent to $1.27bn in 2007.

The growth will be due to increased awareness among businesses of the costliness of poor security, the appearance of sophisticated threats that will take extra money to guard against and the development of security technology that's easy for companies to implement. In the mobile market, the boost will come from greater business demand for remote access.

That easy-to-use technology could consist of, for example, a hardware appliance that IT departments could plug into their network and set up with minimal effort, according to Brown.

"There is pressure to make security solutions more usable," he says, "and that means hiding them from users" and making them simple for IT personnel to install.

IDC also advises businesses to take a 'multi-layered' approach to security, as threats will continue to be complex and may get through a single layer of defence.

This means not just installing antivirus software but guarding every part of your system, including the network itself.

"If we think of security as a software issue, we're missing the point," says Brown.