02 FEB
Lock up your data – software security under scrutiny
Author: Michelle Perkins - Categories: Procurement Intelligence

This weekend the Sunday Times reported that MI5 claimed the Chinese government "represents one of the most significant espionage threats to the UK", due to its increasing excellence at a global industry that has effortlessly shrugged off the worst effects of the economic downturn – electronic hacking.
According to a leaked document, officers from the People's Liberation Army and the Ministry of Public Security have been attempting to lure UK executives into giving away sensitive information through an elaborate 'honey trap', whereby UK businessmen are given expensive gifts containing advanced electronic Trojan bugs, which provide Beijing with remote access to users' computers.
On the rare occasions that MI5 talks, people tend to listen, so bearing these findings in mind it's little surprise that IT security software is fast becoming a top priority – and as companies look to maintain tighter control over both their data and intellectual property, the rush to improve in a potentially vital area shows no sign of slowing.
At present the industry is valued at US$14.5bn, with further growth of 13% predicted over the next 12 months. As a recent supplier market report suggested: "This robust growth is expected despite recession-triggered budget cuts, as security compliance remains a top priority for IT and business executives, driven by immediate need to ensure prevention of data loss and enhance process automation."
As the impact of the global economic slowdown has continued to be felt, the market itself has undergone a consolidation process that many viewed as inevitable, with the top five vendors – Symantec, McAfee, Trend Micro, IBM and EMC – having spent the past two years busily snapping up a number of the smaller niche providers. It's a trend that seems almost certain to continue.
In many ways the geographical spread of the IT software security market reflects the changing face of globalisation, and while North America and Western Europe still dominate, Eastern Europe, the Middle East and Africa, Latin America and Asia-Pacific regions all experienced massive growth in 2008, according to the latest available figures from Gartner.
To fully understand the importance of IT security, it's essential to appreciate just how much of a threat hackers can pose and the increased potency of their attacks. A recent survey by GMG Insights found that cyber attacks were resulting in the majority of North American companies losing as much as US$400,000 on an annual basis. And given that these kinds of attacks increased by as much as 322% in 2009, that's a figure that looks likely to continue on an upward trajectory.
So are companies doing enough to tackle the threat? The answer is, in short, no. As the level of scrutiny from both internal and external audits has increased, so has the number of firms failing them. During 2008, almost 50% of companies across the world failed either their internal or external audits – a figure that reveals both the extent of the problem and the impact that this is likely to have on IT spend as we move through the next decade.
For those companies included in that 50% total, the cost to their business can be immense. Factiva, for example, reported that information security breaches can account for over 50% (that number again) of the news stories written about those firms. Security breaches, it seems, sell.
So while the current picture remains unclear, the future – and the ever more complex regulatory environment that it will undoubtedly bring – looks equally murky. Over half of the respondents (52%) questioned in the report revealed that the economic downturn has elevated the role of security within the business. The same number claimed that cost reductions had made achieving the requisite level of security more difficult than ever.
But if life is tough for the corporate giants of this world, then it's even harder for the small and medium businesses that aren't blessed with enormous IT budgets. From spam clogging up in-boxes to accidental data corruption and from external hacking to phishing scams, the threat is omnipresent and poses a very real danger.
How well it's mitigated depends on a number of factors – and there is ample evidence to suggest that procurement's collaboration with IT (not a traditionally harmonious relationship) is beginning to play a key role. Clearly when it comes to evaluating the effectiveness and adequacy of a software security solution, IT are best placed to carry out this role. But procurement's influence should also be brought to bear.
As the Sunday Times reported, MI5 is so concerned with the current threat from China that resources are being diverted away from its ongoing fight against Al-Qaeda. And while the UK's new Office of Cyber Security will begin its work next month, the battle against the hackers will continue long into the future.
"Any UK company might be at risk if it holds information which would benefit the Chinese," the MI5 report claims. It would be disingenuous to suggest that the threat comes solely from China, but nevertheless it's a warning that the global business world would do well to heed.