The terrorist attacks of 11 September 2001 have spurred a burst in spending on IT security and business continuity products, according to market research company IDC.

By 2006, IDC expects the market for security and business continuity products to surpass $150 billion, accounting for 10% of total IT spending. At present, they account for 7% of IT spending.

But although sales of security and business continuity products are growing twice as fast as the overall IT market, IDC warns that current levels of spending may still not be enough to ensure that organisations are adequately protected.

"We think September 11 wasn't the wake-up call for enterprises that it should have been," says John Gantz, IDC's chief research officer. "The truth is that this is still a high-growth opportunity for IT security and business continuity vendors."

One of the reasons that organisations are still exposed to security risks, say IDC analysts, is that many decision-makers still perceive security and business continuity as IT issues rather than business issues. Compounding that is the fact that vendors of these products often play on IT managers' fears of coming under attack, rather than emphasising the overall business value of having effective security and disaster recovery mechanisms in place.

The fragmented nature of the business continuity and security markets also makes purchasing decisions difficult for IT managers. The two markets are very distinct and products from each are rarely sold in tandem.