Calling the costs of patching "astronomical," a new Yankee Group survey has found the price of patching soared to as much as $40 million for many enterprises last year.
"The cost to patch 5,000 desktops is more than $1 million, an average of $254 per desktop," said Yankee Group analyst Phebe Waterfield. "Between Jan. 2003 and Jan. 2004 Microsoft released 40 desktop-related security patches, driving the cost to maintain completely up-to-date patch levels to an astronomical $40 million per year."
Waterfield says enterprises are responding to the increasing costs by delaying patch deployment until multiple patches or service packs are available.
"Organizations patch monthly or quarterly -- vulnerabilities are 'acceptable risks' in light of the cost and risks associated with patching," said Waterfield. "Patches must be tested and rolled out across an enterprise -- this is a very time consuming and expensive process."
"Resources are also needed to deal with any incompatibilities," added Waterfield. "There will always be cases where the patch 'fails' or causes a problem with existing software."
The survey of more than 400 decision makers at medium to large companies found that 54% expect their budgets to increase over the next three years. Where they plan to spend it isn't a surprise. More than half (56%) of respondents said spending would be primarily focused on antivirus, IDS/IPS and firewalls.
Among its predictions for this year: network integrity systems revenue will exceed $250 million in 2004, up from $175 million last year; firewalls will become content-aware; and network and security vendors will acquire or partner with gateway players. Yankee Group also anticipates ISPs, MSSPs, and e-mail and software vendors will acquire the makers of antispam products.