Businesses Keep Spending On Security

It's still full speed ahead for information security specialists in 2002. Although IT expenditures for other areas are either staying level or being slashed, more money continues to be directed toward the defense of company networks. While many attribute heightened information security awareness to the devastating attacks of Sept. 11, those charged with security networks could also point to Code Red striking Microsoft servers last July and the Nimda worm attacking networks in September. Worldwide damages for both, according to research firm Computer Economics, total roughly $3.25 billion, with Code Red accounting for $2.62 billion.

It's no wonder that of the 300 business-technology executives interviewed by InformationWeek Research in December, more than half say their companies will increase security spending this year, while 43% will spend about the same as in 2001. Only 2% of managers say their companies have decided to trim security outlays.

Companies of all sizes are concerned about security. In all, 54% of small and large companies say they'll boost their security budgets in 2002; 59% of midsize businesses will do likewise.

Some companies are so concerned about security that it's the area of operations slated for the largest spending increase this year. Fourteen percent of companies with revenue up to $100 million, 17% of businesses with revenue between $100 million and $1 billion, and 15% of companies with $1 billion or more in revenue are making security their key focus in the months ahead.

Most of that investment will be spent fortifying networks, say 78% of small, 89% of midsize, and 90% of large companies. Businesses might want to consider allocating some of those funds aimed at network security to improving their processes for patching their servers. In recent days, hackers have started breaking into Sun Solaris systems en masse after customers failed to patch a flaw that Carnegie Mellon's CERT Coordination Center warned about in November.

How long does it usually take your company to react after a CERT warning has been released? Let us know at the address below.

George V. Hulme
Senior Editor
[email protected]

Encryption Intent

Improving network security is among the most common technology priorities in the works this year among the 300 companies in InformationWeek Research's Outlook for 2002 study. In a related effort, businesses also are taking the necessary steps to ensure that their data stores and transmitted communications aren't compromised in the months ahead.

Regardless of company size, businesses are looking to encryption to achieve this objective. Sixty-two percent of small and 65% of large companies report that encryption ranks among planned projects slated to occur this year. Planned deployment is slightly higher among midsize companies, at 71%. To boost security, 55% of small companies, 69% of midsize businesses, and 57% of large companies plan to invest in intrusion-detection software this year.