M&A activity will continue as Computer Associates, Symantec, RSA, Checkpoint and others aim to assemble broad IT security portfolios. No reason for this trend to stop anytime soon. Particularly watch the identity management space. Last year we saw a whole series of ID Mgt acquisitions. Look for authentication acquisitions by the ID Management players (CA, BMC, IBM, HP, Sun and Oracle, the johnny-come-lately of the bunch).

2005 was as bad as 2004 for security breaches, if not worse—with the high profile hacks of ChoicePoint, Lexis Nexis and CardSystems Solutions, all coming to light—and the year ending with the emergence of the worst Microsoft security problem yet.

Actually it probably cannot get any worse. There is now a healthy community of vultures hovering over the Internet waiting to pounce on any new vulnerability that appears. This population of vultures is not going to grow much, but it will remain terribly creative (some of the phishing scams and Internet ad-related scams are pretty damn clever).

At the same time the investment in IT security, driven by a combination of bitter experience and the demands of regulatory compliance has grown (we are talking about a $13 billion market here)—and this is gradually closing some of the loop holes that the vultures had been feeding on.

My favourite IT security stat of 2005 was the zombie network (or ‘botnet’ as it is sometimes called) of 1.5 million PCs which came to light as the Dutch police arrested three hackers. Oh the joys of broadband. Just to think that a mere 5 years ago no hacker could ever dream of a botnet that size.

Will the IT security problem diminish in 2006? No. But it will move to where opportunity is the greatest. The purchase of all this IT security technology does have an effect. It causes cybercrime to move to areas of easier opportunity. That would be the mid-market right now.