In the next few years IT managers will waste billions of dollars on security products and services feeding a spending frenzy that will peak in 2004.
Identifying a five-year security spending boom, a report by Forrester Research warns "security is being set up to do a poor job at a high price; reactive investments over the next four years will leave companies little better off than they are today".
Global 2500 companies participated in the survey which reports security spending in the US alone will top $US19.7 billion by 2004, but billions will be wasted due to a 'shotgun' approach.
Despite predictions of 300 per cent hyper growth over four years the report says management remains disconnected from security which is reflected in poor decision-making in areas of spending.
It says business has fallen into the trap of trying to protect everything, ignoring the fact that some assets have more business value than others.
The report cites examples of CEOs demanding action when security issues flare: "When the CEO calls after reading about DOS attacks in the media he wants results, and knee-jerk funding of intrusion-detection systems will drive internal spending."
Recognising that the Internet is the key driver in the cycle of security spending, Forrester says the boom will fade in 2005.
The report reveals a significant shift in spending during this time with a substantial boost to outsourcing and the use of external security services.
Despite a preference for internal solutions, people skills, money and time restraints are driving this trend.
Most company budgets now go to core system security, but by 2002 the report says this percentage will be lowered to direct more funding towards access control and incident response.