Two thirds of companies increased spending on IT security in 2003, even though they reduced spending elsewhere, according to research by Meta Group.
The research, based on a large survey of IT buyers worldwide, found that 8.2% of IT spending now goes on security products, compared with 3.2% in 2001.
Meta says many organisations spent more resources on security programmes, such as employee education, business continuity and disaster recovery. Organisations have become increasingly aware that current employees pose the biggest threat to security.
In a separate report by security software products company RSA, US information security managers identified denial-of-service (DoS) attacks and hacking as their main IT security concerns.
But despite the increase in spending, RSA said companies are “high in awareness, low on action”.
Half the respondents said the most likely security breach for their company was a virus, while 18% said a DoS attack was the most probable threat. Less than 10% identified other types of security breach, such as hacking, identity theft or terrorist attack.
More than nine out of ten organisations rely on passwords to protect access to information, even though alternative or additional methods, such as biometrics and encryption, are viewed as more effective.