Report: Lack of Security Expertise Drives I.T. Spending

Overburdened employees in many corporate and government I.T. departments have trouble keeping up with cybersecurity, according to a study by IDC.

That lack of expertise, coupled with an increase in viruses, worms and other malicious code, will account for a 49% increase over the next four years in worldwide spending on support services for security software, according to the IDC studywhich was released in March.

Support-services spending totaled $1.43 billion in 2005 and is expected to reach $2.13 billion in 2010. In North America, health care will lead spending for all security software, IDC says, followed by process manufacturing and discrete manufacturing. IDC estimates spending in those three industries will grow at compound annual rates of 17.1%, 15.6% and 15.2%, respectively, by 2009—faster than the overall market, which is expected to grow 13.3% to $8.7 billion.

“Security is a lot like chasing your tail,” says senior research analyst Matt Healey. “As soon as you get a nice secure network, another set of malware comes along.”

Companies are spending to get automated updates to antivirus and other software that keeps servers, data centers and networks secure. They are also buying consulting services to find holes in their infrastructure, although that spending was not included in Healey’s report. IDC surveyed eight security vendors—Cisco Systems, Check Point Software Technologies, Internet Security Systems (ISS), McAfee, RSA, Secure Computing, Symantec and Trend Micro—and their customers.

Even though security vendors prefer automatic updates, Healey says, they should still offer support over the telephone or through on-site visits. “Customers may still have to call somebody, or [have somebody come out] to quarantine their network,” he says. “[Security requires] constant vigilance and constant attention.”