IT security budgets are set increase by ten per cent next year as spam, identity fraud and regulatory compliance move higher up the business agenda.

But the priorities of IT departments are changing, with half of every security-related pound being invested in staffing and external services, such as vulnerability audits and risk assessments.

Only 30 per cent of IT security budgets will be spent on products in 2005, with policy design and maintenance and staff training receiving the most attention, according to Meta Group's survey of 500 European information security professionals.

'IT security is being treated far more strategically,' said Peter O'Neill, Meta's vice president for consulting.

Spam is also becoming a major concern with 94 per cent of companies saying content-filtering technologies are crucial to put a stop to excessive advertising, viruses and malicious wares spread through junk email.

But firms outsourcing core parts of their business need to tighten security, with only 57 per cent currently reviewing and approving security controls put in place by outsourcers, warns Meta.