This year will be a time of reckoning for the IT security industry as spending begins to decline, Gartner told the RSA Conference in San Francisco last week.
Victor Wheatman, managing vice-president at the analyst, said that by 2006 security spending will have dropped to four or five per cent of corporate IT budgets. In more efficient companies it could fall further with no harm to the level of protection, he claimed.
"It is a myth that the more you spend on security the more secure you are," Wheatman said. "This will be the year of reckoning for security spending. The lowest-spending organisations - often the most efficient - can and will safely reduce spending to three or four per cent [of corporate IT budgets]."
However, Ian Kilpatrick, managing director of security distributor Wick Hill, said he believes Gartner could be right, but for the wrong reasons.
"There has been a fundamental shift in the way security is budgeted. People are wrapping security into other budgets, such as application budgets, or the budget for allowing teleworking," he said.
"[Security] is put to boards as a business benefit, not as an additional cost. It is becoming a component to a solution, whereas five years ago it was a bolt-on."
This could mean that firms' stand-alone security budgets are dropping, but that spending on security as part of a solution will remain buoyant, Kilpatrick said.
"If security was needed for just one gateway into the business, then that would be easy. But there are new gateways opening up all the time with mobile working and wireless. Organisations have to secure much more," he said.
Heard at the RSA conference
Gartner told attendees that nearly 10 million people in the US suffered from some kind of online fraud last year. The analyst's survey of US consumers estimated the total cost was $1.2bn.
Security firm Symantec launched an attack on Microsoft, claiming that the software giant cannot handle enterprise IT security because it lacks the specialist skills and business practices.
Microsoft announced that a newly developed version of Internet Explorer will begin shipping this summer. Internet Explorer 7 was due to be released in 2006, but concerns about security forced Microsoft to initiate an early release of the code.
Cisco unveiled the next phase of its self-defending network security strategy, dubbed Adaptive Threat Defense.
Security firm set to become part of acquisitive Shearwater Group
Distributor merges three northern sites into one new hub in Warrington
Activist investor puts forward five director candidates as turmoil continues at security giant
Nima Green asks what is driving public cloud uptake in Germany