Security

Statistics :

Total Worldwide Security Software Market Revenue Forecast by Segment (Millions of Dollars)

	2001	2002	2003	2004
Antivirus	1,076.40	1,199.70	1,372.00	1,521.30
IDS	153	182.7	218.3	263.1
Encryption-All	314.8	325.2	367.3	431.2
Other Security	1,554.10	1,590.50	1,678.10	1,796.40
Total	3,098.30	3,298.20	3,635.70	4,012.00

Source: Gartner Dataquest (December 2002)



Quotes:

Gartner analysts said that through 2005, 20 percent of enterprises will experience a serious (beyond virus) Internet security incident. These crimes are targeting information and intellectual property. While the majority of enterprises will not face such an attack, companies must still take the proper precautions. Being a victim of one of these security incidents could be much more costly for enterprises if they don't protect themselves.

"'It takes only one unsecured machine on a network to create potential risk for everyone else," said Richard Hunter, vice president and Gartner Fellow. "The risks and the costs of defenses are high, and the trend is moving both upward.'"

"'As enterprises turn their collective attention away from tactical security issues stemming from homeland security initiatives and back to infrastructure security, they will witness an evolution from after-the-fact improvements to more secure and thus more expensive products,'" said Victor S. Wheatman, managing vice president for Gartner.

Source: "Gartner Says That Through 2005, 20 Percent of Enterprises Will Experience a Serious Internet Security Incident," August 7, 2003

"'Identity theft is not necessarily a high-tech crime, and can just as easily damage the credit reputations of low-tech adults who don't spend any time on the Internet,'" said Avivah Litan, vice president and research director for Gartner.

"'More than half of all identity theft - where the method of theft is documented - is committed by criminals that have established relationships with their victims, such as family members, roommates, neighbors, or co-workers,'" said Litan, citing numbers published by the Federal Trade Commission.

"'Many banks, credit card issuers, cell phone service providers and other enterprises that extend financial credit to consumers don't recognize most identity theft fraud for what it is,'" Litan said. "'Instead they mistakenly write it off as credit losses, causing a serious disconnect between the magnitude of identity theft that innocent consumers experience and the industry's proper recognition of the crime. This causes a disincentive to fix the problem with the urgency it requires.'"

Source: "Gartner Says Identity Theft Is Up Nearly 80 Percent," July 21, 2003

"'The focus on critical infrastructure protection means that the government, utilities, transportation and energy sectors will be forced to spend more on security,'" said John Pescatore, vice president and research fellow at Gartner.

"'In addition, increased enforcement of copyright laws and liability concerns will force universities to increase security spending. Those vertical industries will be the most attractive targets for security vendors,'" Pescatore said.

"'Security spending can't continue to consume ever-increasing portions of the IT budget. No enterprise can afford to spend more on insurance than on new product development,'" Pescatore said. "'By 2005, security groups that can't demonstrate security effectiveness metrics will experience flat to declining IT security funding.'"

Source: "Gartner Says IT Security Spending Will Be More Than 5 Percent of IT Budgets in Most Industries in 2003," June 3, 2003

As enterprises try to implement more detailed security initiatives, many will find that they need outside support to achieve their goals. By 2005, 60 percent of enterprises will outsource monitoring of at least one perimeter security technology, according to Gartner, Inc.

"'Most enterprises will not have the resources to do an effective job at keeping the bad guys out and letting the good guys in. Outsourcing keeping-the-bad-guys-out effort is a driver for the managed-security market,'" said Victor S. Wheatman, managing vice president for Gartner.

"'Enterprises should evaluate managed security services providers that have approximately 50 professional service professionals because those companies will likely become the enterprise's security provider,'" Wheatman said.

Source: "Gartner Says 60 Percent of Enterprises Will Outsource Monitoring of at Least One Perimeter Security Technology by 2005," June 2, 2003

"'Security managers and CIOs are well aware of the threat posed by insiders, but often find it easier technically and politically to take action against external threats instead,'" said Victor S. Wheatman, managing vice president for Gartner. "'Businesses must take steps to secure themselves against criminally intent insiders or resign themselves to suffering significant losses from insider crimes.'"

"'There is a delicate balance between limiting insider access to information and crippling the ability to create revenue,'" said Richard Hunter, vice president for Gartner. "'Generally, this conflict between security and commerce is resolved in favor of creating revenue and therefore facilitating insider crime.'"

"'Most businesses don't have procedures for establishing and enforcing agreements on shared use of intellectual property,'" said Wheatman. "'Without such legal agreements, misuse is more likely and less subject to recovery.'"

Source: "Gartner Says 60 Percent of Security Breach Incident Costs Incurred by Businesses Will Be Financially or Politically Motivated," May 29, 2003

"'Government agencies and IT security vendors should face the cold reality that the DHS has earmarked only a sliver of money for technology projects-$10 million out of $700 million awarded in this round of grants,'" said John Kost, managing vice president for Gartner. "'Just when governments face massive budget deficits, the threat of terrorism has increased law enforcement payrolls dramatically. The vast majority of this money from the DHS will be spent on supporting increased payrolls rather than on innovative technologies to enhance homeland security.'"

"'Technology has proven it can strengthen homeland security and the need is strong, but technology leaders and vendors lack the needed political clout relative to law enforcement,'" said Kost. "'Improving homeland security will depend in part on whether the leaders in various jurisdictions let their technology teams be creative, not just their budget directors.'"

Source: "Gartner Says IT Solutions for Homeland Security Need More Political Clout," May 28, 2003

"'The inhibiting effects of the economic downturn and buyers' remorse over previous grand plan security initiatives are in balance with a defensive stance driven by modern political realities as well as demands for privacy,'" said Victor S. Wheatman, vice president and research area director for Gartner.

"'The result is that enterprises tend to implement products and services that are 'good enough', while navigating through minefields of over-promoted products, or products so advanced, the need is not readily apparent,'" Wheatman said.

"'Investing in an overhyped technology too early can result in a complete waste of enterprises' security funds. Enterprises should focus on their assessment of business needs and threats to prioritize security needs,'" said Wheatman.

Source: "Gartner Says Previously Over-Hyped Security Initiatives Are Resulting in More Cautious Implementation in 2003," March 25, 2003

"By 2005, Bluetooth technology will cost businesses and consumers worldwide an additional $5.6 billion annually as a result of added support and usage costs necessary to use the technology, according to Gartner, Inc."

"Security flaws and interoperability problems will make Bluetooth-enabled devices inadequate for use without additional spending to correct the problem areas, according to Gartner. By 2005, Gartner predicts that more than 560 million Bluetooth-enabled devices will be purchased by businesses and consumers."

"'Bluetooth deployment costs will be higher than other wireless technologies because of limited interoperability and the need to implement policies to safeguard against data corruption and theft,' said Bill Clark, research director for Gartner.'"

Source : "Gartner Says Bluetooth Security and Interoperability Flaws," September 3, 2002

"Through 2005, 90 percent of cyberattacks will exploit known security flaws for which a patch is available or a solution known, according to GartnerG2, a research unit of Gartner, Inc. Gartner analysts presented their outlook for cyperattack prevention today at Gartner Symposium/ITxpo in San Diego, California."

"GartnerG2 analysts said that not only are patches available before the cyberattacks, but 90 percent of the attacks are imitation ones. Moreover, recent cyberattacks could have been avoided if enterprises were more focused on their security efforts."

"'Nearly every major attack to hit the headlines involved the exploitation of known security flaws for which a patch or defense was widely known,' said Richard Mogull, research director for GartnerG2. 'Estimated losses from Code Red and Nimda were in the billions of dollars, yet Code Red exploited a flaw for which a patch was available, proving that we never learn from our mistakes. Nimda exploited the same flaw just a few months later. Both continue to survive on the Internet today.'"

"Through 2005, 20 percent of enterprises will experience a serious (beyond a virus) Internet security incident. Of those that do, the cleanup costs of the incident will exceed the prevention costs by 50 percent."

Source: "GartnerG2 Says Enterprises Are Not Doing Enough to Prepare for Cyberattacks," May 1, 2002

"According to Gartner, Inc. 41 percent of U.S. citizens are opposed to the creation of a national identification database to identify citizens and visitors to the United States. Only 26 percent of U.S. citizens agreed that such a database should be established. Opposition to such a database was particularly strong in the southern, western, and midwestern regions of the United States."

"Overall, if such a database were created, survey respondents ranked private institutions -- especially banks and credit card companies -- as more trusted than any government agency where national ID administration is concerned. 'The technology is ready now. Public opinion is not,' said Richard Hunter, GartnerG2 vice president and research director, security. 'Our survey shows that the public supports a national ID only for very specific, limited purposes, and people are quite suspicious of what governmental agencies might do with it.'"

"Gartner's survey shows overwhelming support for the use of national IDs at airports and as a means to gaining entry to the United States, for example, and much less acceptance of national IDs as a means to controlling access to healthcare and banking services. 'People fear what they don't know,' Hunter says, 'and it's clear that many U.S. citizens fear the worst where national ID is concerned.'"

Source: "Gartner Reports Strong Opposition to a U.S. National Identity Program," March 12, 2002

"More than $700 million in online sales were lost to fraud in 2001, representing 1.14 percent of total annual online sales of $61.8 billion, according to GartnerG2, a research service from Gartner, Inc. Online fraud losses for 2001 were 19 times as high, dollar for dollar, as fraud losses resulting from offline sales. A new survey by GartnerG2 showed that adult consumers in the United States are beginning to adopt credit card company solutions designed to protect against online fraud."

"An Internet survey of more than 1,000 adult U.S. online consumers, conducted in January 2002, showed that 5.2 percent of respondents were victimized by credit card fraud in 2001 and 1.9 percent were victimized by identity theft (although respondents do not know whether the theft occurred online or offline)."

"'After years of missteps, the credit card companies have finally got it right with their consumer authentication technology. Consumers are willing to adopt the easy-to-use password-based applications,' said Avivah Litan, Vice President and Research Director, GartnerG2."

Source: "GartnerG2 Says 2001 Online Fraud Losses Were 19 Times as High as Offline Fraud Losses," March 4, 2002