The recently published 2000 Computer Crime and Security Survey
from the Computer Security Institute/FBI shows that 273 respondents out of 643
businesses surveyed reported cybercrime losses (e.g. viruses, security breaches,
fraud, net abuse, denial of service attacks) estimated at more than $265
million. The report also highlights that about 90 percent of the organisations
surveyed detected computer security breaches within the last 12 months. 70
percent reported serious computer security breaches like proprietary info-theft,
financial fraud, system penetration from outside and denial of service attacks.
According to SPEX, a leading web-based end user-oriented IT research affiliate
of META Group, breaches by hackers and disgruntled employees, penetration of
secured transactions and electronic sabotage are among the highest security
concerns of global organisations. It further observes that the recent breaches
of security within organisations occur internally—58 percent of the time.
However, it predicts that by the year-end, half of all security breaches will be
external and the security systems of the future will be "selectively
permeable membranes," meaning that some entities will be given access to
systems while others will be kept out. The reason: organisations will increase
third-party access and this would become a key driver of security issues, requiring the implementation of more
complex systems than just traditional firewalls. This will compel IT to pay
closer attention to external security.
It is only too obvious that organisations will increase
budgets and make security a priority within the IT department. The Information
Security Industry Survey 2000 says that the number of companies spending more
than $1 million on security doubled in 1999. A survey from the META Group
suggests that organisations plan to spend slightly more on security, averaging
$2.8 million. The study reveals that while spending is increasing and most IT
organisations view security as essential, the majority of companies are
reactive, rather than proactive, in their approach to security. META Group found
that IT organisations rarely adhere to purchasing guidelines for applications.
Typically, IT organisations' security policies focus on requiring minimum
password lengths and restricting access to software applications, server data
files and networks. This indicates a trend toward IT viewing security as an
ongoing process and maintenance effort, rather than a proactive endeavour in
which purchasing assets are designed to be protected at the outset. Clearly, the
network intrusion market is experiencing phenomenal growth and consolidation
around more established businesses to provide integrated and comprehensive
suites of security solutions that include firewalls, security scanners, network
management and encryption components.
In India, there is no reliable data available on the level of
security breaches and the spending on the security front. Nonetheless, the scene
here could be proportionate with the global phenomenon. Confirms SV Ramana,
country manager, systems engineering, Cisco India, "It is true that there
is no reporting of security break-ins most of the time. There is no formal
organisation responsible for consolidating and reporting such break-ins in the
country. However, it has been observed that over 80 percent of security
break-ins are internal to organisations, by intentional or accidental access. We
expect that with the IT Bill having been passed, and the legal framework defined
for illegal security intrusions, there will be a deterrent for such attacks.
Security solutions are available for prevention, and regulation is available for
deterrence. With the right security policy, we should see better control on
break-ins. Since businesses depend on information, it is vital to establish
mechanisms including security tools and methods to protect it." And most of
the industry acknowledges that, with remote access to information over public
networks, it is necessary to implement security solutions such as firewalls,
intrusion detection systems, systemic scanners and Virtual Private Networks (VPNs)
to keep the network tamper-proof against break-ins.