The news last week that two of the bigger names in the US computer security business were merging to create CyberTrust is the latest sign of change in the sector.

The new company, formed from TruSecure and Betrusted, is the eighth largest security company in the world and joins together one supplier with a reputation for threat intelligence with another known for managed services.

It also propels TruSecure along a path that seemingly is being followed by Symantec, Microsoft and many others.

Computer security companies are consolidating, which for an industry that two years ago was, according to one analyst, 'in the doldrums' - seems to be a fairly spectacular turnaround.

The reason for this sudden burst of castle-building and intelligence gathering is new corporate governance regulations and the potential threat of legal action against chief executives for negligence.

Over the summer, a top US computer security adviser told me he was once asked to give a talk on computer security risks to the chief executive of one of the biggest companies on Wall Street.

The adviser, a top civil servant in the Reagan administration, was stopped in mid-flow by the businessman, who said he wanted his lawyer present.

The lawyer was sent for, the adviser recounted the information he had given the chief executive and there was a hurried discussion between the businessman and the lawyer.

The businessman politely terminated the conversation. The reason was simple - what the executive did not know, he could not be held accountable for.

But in the wake of legislation such as Sarbanes-Oxley and Basel II and the planned European Union Auditing Directive, things have changed.

Senior executives are already having to sign pieces of paper to confirm their accounts are accurate, and if they are subsequently found not to be, they could go to prison.

Coupled with the emergence of Russian techno-crime gangs targeting the US and Europe, these factors are changing the computer security market and causing widespread repercussions.

Chief among these is the profile of computer security. Scan the papers and it would appear the world is about to be swept away by cybercrime.

Every day's email sees another phishing letter appear in the inbox, most coming from computer programmers in St Petersburg and the former Russian Baltic States working for organised crime syndicates. Warnings of computer viruses have become a fact of business life.

But it is only when those incidents are examined in a little detail that their significance becomes obvious. Take a couple from last week in the US.

In one incident mentioned by the US Secret Service, a 'logic bomb' destroyed 10 million customer records. In another, a phishing attack on a US bank, an error by the criminals caused the bank's servers to collapse for two days.

The phishing gang had sent 50 million emails in the bank's name from spamming lists it had bought. But 10 million were bogus names, so when the emails were rejected they were returned to the bank, causing a denial of service attack that took down its system.

Both were very visible events, and not the sort of thing that can be swept under the carpet as has often happened in the past - which is another irritant for the chief executive.

Forced to cut costs and make a return on investment, technologies such as voice-over-IP become very attractive. But when you are hit by a virus and your computers go down and your staff cannot communicate, computer security becomes 'mission critical', and your shortcomings as a leader are there for staff and customers to see.

Sarbanes-Oxley also affects those wanting to do business with the US - any flow of information into areas that are regulated is now controlled.

If you wish to do business with a bank or telco and you have to share data, you have to conform to the regulations that govern their data and many big companies are already falling in line.

Small wonder then that companies such as CyberTrust are forming.

According to John Holland, European managing director of CyberTrust, one of the drivers for the vendor is to be able to deliver intelligence on computer vulnerabilities on a worldwide basis so customers can really see what's going on.

If you know what's going on, you can protect your business and your data, so you can sign off the accounts safe in the knowledge there is no chance of prison.

In the future, part of that reassurance will be knowing the suppliers you are dealing with can also offer similar levels of assurance.

According to John Regnault, head of security for BT, the telco is insisting that suppliers guarantee comparable levels of computer security to BT.

Soon larger companies will be regularly demanding their suppliers do this, so chief executives can protect themselves against the poor computer security of any suppliers who may contaminate their data.

What do you think? Email feedback@computing.co.uk

If you want to be first with the news, visit Computing every day.

Further reading:
More stories on these topics:
Permalink  Comments  Forward
what do you think?
Click here for more Post your comment
Click here for more Send an email to the Computing editor at feedback@computing.co.uk
Reader comments for this story
Post your comment Post your comment   What is this?
Like this story? Spread the news by clicking a link:   Post this to Delicious del.icio.us     Post this to Digg digg this     Post this to reddit reddit!

related content
latest news
A VirginTrain
Communications
BulletVirgin Wi-Fi is hit by delays
Onboard web service due to arrive in 2007 is behind schedule  21 Aug 2008
NHS procedure
Public Sector
BulletConservatives seek "vision" for NHS IT policy
The British Computer Society will conduct an independent review of NHS IT policy  21 Aug 2008
crowd of people
Public Sector
BulletGovernment urged to scrap paper census
Better public sector data sharing would provide all the necessary information, says think tank  21 Aug 2008
Click here for more More news
latest in depth
EU flags
Public Sector
BulletData retention plans draw further criticism
Privacy fears over directive that will allow organisations to view emails, texts and web use  21 Aug 2008
Men using mobile phones
Management
BulletIT staff survive credit crunch
Firms recognise need for IT ­ – but staff must keep skills up to date  20 Aug 2008
Oyster card
Public Sector
BulletMixed reaction to decision by TfL to end Oyster contract
Transport for London cuts its ties with the TranSys consortium and begins plans for its replacement  21 Aug 2008
Click here for more More in depth

Advertising Marketplace

Sponsored links

Featured jobs

IT Development Manager/Project Manager
Guildford, Surrey, United Kingdom | Enstar
 IT Development Manager/IT Development Project manager - Guildford - £40k - £60 plus benefits   Enstar (EU) Limited (formerly Castlewood (EU) Limited) is seeking an IT Development Project Manager and an IT Development Manager to ... more >
Business Development and Partnership Director
United Kingdom | Sussex HIS via Acertus Ltd
Business Development and Partnership Director - £62,337 to £77,179 plus benefits Any Sussex HIS location by agreement  The Sussex HIS was formed in mid 2004 through the merging of all IT services from all Trusts ... more >
Senior Business Analyst
London, United Kingdom | Utilyx
Senior Business Analyst - London Highly professional individual capable of working at senior / board level with blue chip clients - shaping and driving the analysis and design of their energy management solutions Proven capability ... more >
IT Project & Programme Managers
London, United Kingdom | MI5
Programme Managers - Project Managers -Project Support Staff - Competitive Salary + Excellent Benefits - London   Getting the best out of technology is critical to helping us protect the UK. Join MI5 and use ... more >
Click here for more  More job opportunities