IT security is very much in the spotlight at the moment. And, unlike some IT trends, there is no danger that it is merely enjoying its 15 minutes of fame.

Security is an essential part of the IT infrastructure, part of the technology DNA; and the sooner businesses realise this the better.

The importance of security is reflected in the fortunes of the vendors, who are enjoying a boom period.

According to analyst Datamonitor, security software suppliers saw their revenues grow an average of 14 per cent compared with 2002, way ahead of the IT industry average of six per cent.

Security is no longer a simple matter of throwing some antivirus software at your PCs. It's a serious business concern that requires increasing attention at boardroom level.

Organisations looking to protect themselves and their systems must react to, and tackle, a multitude of threats.

There are of course the 'traditional' virus threats that grew in quantity, severity and sophistication throughout last year. Until now they have been hugely irritating and inconvenient, but while this can cost money and damage reputations, they caused little long-term devastation.

There is no reason to believe this situation will remain the same. Indications suggest that blended threats are becoming more commonplace.

And increasing quantities of spam, combined with new tactics such as phishing, have presented businesses with new challenges and threats.

Add more general issues facing businesses across the globe, such as governance and regulation, and the picture becomes even more confusing.

Companies cannot afford to let their guard down, and must observe best practice processes.

Threats are constantly changing, says John Colley, president and chairman of the International Information Security Standards Certification Consortium and head of information security at the Royal Bank of Scotland, and organisations must keep an eye on what is going on.

But be careful not to veer too far in the opposite direction. "You can never be complacent," Colley warns.

"Assuming that you have a computer team there will be ongoing vigilance. You really do have to rely on these people because just as big a threat is complacency.

"Some airports have security that is so tight it makes it hard to fly. In other airports security is very slack. It's about getting the right balance."

Trends and threats may be changing, but they are not going away.

The sooner businesses realise that security is an inherent part of their IT infrastructure, and something that needs to be addressed as a business issue directed by the board, the better.