Security Stands In Line Behind Other PrioritiesSecurity Stands In Line Behind Other Priorities

What's a company to do? The Federal Trade Commission reports that identity theft is skyrocketing, and the 2002 CSI/FBI Computer Crime and Security survey places the average loss to financial fraud at $4.6 million and the average cost of a virus attack at $283,000. For the most part, short-sighted priorities get in the way of effective security efforts.

Half of the business-technology executives in Gartner's U.S. Security Services 2002 survey report that other projects take precedence over IT security. When IT security is a low priority, those charged with establishing and enforcing its policies lose leverage, and security managers aren't able to convince budget holders to pay for the cost of security products.

Because it's tough to place security projects on the corporate action list, you might assume that companies off-load the responsibility to outsourcers. But according to the 131 business-technology executives Gartner interviewed, the majority of companies use only managed antivirus security services--60% say they pay for such services, 40% outsource firewall management and monitoring, and 27% pay for intrusion-detection services. And while Internet applications are the target of choice, few companies seek outside help when it comes to shoring up Internet-facing servers and applications.

Share your security-services experiences with us.

George V. Hulme
Senior Editor
[email protected]

Contracted Counsel
What security-consulting services are under contract at your company?

The Sapphire or Slammer worm recently did major damage across the Internet, even though companies had the means to patch the vulnerability since last summer. Perhaps the 27% of sites in Gartner's study that depend on security-consulting services for configuring their Internet-facing servers against vulnerability enjoyed the advantage this time.