Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

A new survey of enterprise IT managers released today showed that as large
organizations struggle with insufficient IT security staffs, cyber-security
threats increasing in complexity and frequency, higher costs incurred by data
breaches and a greater amount of work thrown up by security regulations,
channel partners with distinct security services practices should be able to
find greater numbers of opportunities to sell robust security packages to the

Conducted on behalf of Symantec by Applied Research, the survey questioned
2,100 CIOs, CISOs and senior IT leaders at enterprises with at least 500
employees. It found that among a list of top 2010 IT priorities, better
managing business risk related to IT was the second-highest ranked priority,
just behind improving infrastructure performance. Approximately 42 percent of
participants listed cyber-attacks as the single biggest risk to their
organization, far and away the highest priority above other risks such as
traditional criminal attacks, natural disasters and terrorism.

It is no surprise IT leadership is shifting concern to attacks—approximately 75
percent of respondents reported experiencing a cyber-attack in the last year
and 41 percent said these attacks were somewhat to extremely effective. And
these attacks are hardly a mere inconvenience to IT staffs. They’re costing
enterprises a great deal of money. Respondents reported an average combined
cost of $2 million in relation to these attacks. The most common costs came
from loss of productivity, lost revenue and loss of consumer trust.

Meanwhile, respondents reported that they were by and large feeling
understaffed when it comes to security and unable to respond to these
increasing attacks.

In the wake of this climate, a whopping 94 percent of IT leaders reported they
expect to make changes. Approximately 48 percent say those changes will be

All of this adds up to a great deal of opportunity for the channel, says
Matthew Steele, director of strategic technology for Symantec.

"For organizations in the channel that have a specific security practice,
not just a security product, but a real practice around security, we think
there’s more opportunity for them
and that’s very well-reflected in this report," Steele says.
"Organizations are generally understaffed, and so a great way to build
that up is through security services that are provided in the channel."

Steele says the opportunity is particularly high for service players given the
budgetary considerations of most IT executives in 2010. Many of them are
feeling particularly constrained from a capital expense perspective, but may
have more wiggle room with their operating expenses.

"In the short term, there is no more room for any more capital expense,
but from an op ex perspective they have a certain amount of budget they’re
already spending, and it brings in these two interesting opportunities,"
Steele says. "One is if the security operations can be viewed as helping
them optimize, then they find ways to find some more money to spend on them. It
is also easier from a security perspective to bring in services versus buying