Want CNET to notify you of price drops and the latest stories?

IT security spending disappoints

Despite investors' high expectations for the information security sector after Sept. 11, growth rates have been more blah than bonanza, new data shows.

Paul Festa Staff Writer, CNET News.com
Paul Festa
covers browser development and Web standards.
Paul Festa
3 min read
Investors who had hoped that increased security concerns after Sept. 11 would yield an immediate bonanza in the information security sector have been sorely disappointed, according to two new analyses.

The reports come as high-tech companies in the middle of a painful contraction eagerly seek out security-related work, particularly if it involves government contracts.

But the IT security market is in for at least another year of doldrums before sales start to pick up, according to a new report by New York-based Vista Research. According to Vista, the information security market will not see significant signs of a revival until 2004, when corporate IT departments upgrade their security systems.

In addition, a panel recently convened by Thomas Weisel Partners concluded that government expenditures on the cybersecurity front have been more sporadic and less generous than expected but predicted that those funds will eventually loosen up.

"All parties present agreed that spending on homeland security initiatives has taken longer to materialize than initially expected," Thomas Weisel wrote in a summary of its Growth Forum 4.0 conference in Santa Barbara, Calif., last month. "While bureaucratic process could slow contract awards, all agreed that incremental funds will flow into the vendor community over the next 18 to 24 months."

Readers who responded to a recent survey by CNET News.com were more optimistic. Approximately one-third of the respondents ranked security as the highest priority in spending in the information technology industry.

Vista predicted that the security sector--in which it included Cisco Systems, Check Point Software, Symantec, VeriSign and Internet Security Systems--will grow 3 percent this year and 11 percent next year. The growth rate will rise to 18 percent in 2004 with a predicted upgrade cycle and then taper off to about 15 percent growth annually in 2005, 2006 and 2007.

The sector should grow to $11.7 billion in 2007 from about $5.9 billion in 2002, according to Vista.

The current doldrums have manifested themselves in a series of summer downgrades that have hit Internet security stocks including Check Point and Macrovision.

Following last September's terrorist attacks on New York and Washington, D.C., there had been an expectation on the part of investors that information security companies might outperform the overall market, according to Igor Stenmark, senior adviser of research at Vista. Now, however, that seems much less likely

"It's not panning out because security at the end of the day does not save money or generate revenue," Stenmark said. "It's always an afterthought. It's sacrilegious to admit this in public in this climate, but from talking to lots of CIOs we've found this to be true."

While security companies have languished in an era of tight budgets, disaster recovery specialists have found a high-tech silver lining post-Sept. 11. Vista singled out SunGard and its recently acquired Guardian unit as companies that have directly benefited.

Vista also predicted considerable consolidation in the IT security sector over the next year and a half, with mergers and outright business failures winnowing the pool of competitors.

"A lot of the private companies are going to shut down," Stenmark said. "If they haven't broken out yet, they're not going to be able to get funding right now. There are probably more than 300 vendors in the security space, and I don't think there are more than two or three good management teams."