Which is true.

It's also old news - the internet has always had security issues in one form or another, and there have always been various security techniques to mitigate the threats.

It's also always been an arms race of sorts - attacks get more sophisticated, spawning advanced countermeasures, and so on.

The same dynamic has been altering the face of managed security services as well.

Enterprises have always faced the dilemma of whether to handle network security in-house or outsource it to a service provider.

But managed security has been a traditionally tough sell for carriers and ISPs for a variety of reasons, from skittishness over giving a third party control of the corporate firewall to the "insurance" problem of being able to justify the expense - if you contract AT&T Business to manage your firewall and you suffer no attacks that year, is it because AT&T's service worked or because no one tried to attack the network?

But this is changing quickly.

Thanks to a host of market drivers, from the growing nature, volume and variety of threats and concerns over protection of data and even legal liabilities now being imposed by governments in certain markets, enterprises are under increasing pressure to get their security policies in order - and if they can't do it, to find someone who can, says Adrian Dominic Ho, research manager for IDC's Asia-Pacific managed services and enterprises networks.

"Enterprises can no longer ignore security spending given the increasingly sophisticated and rapidly evolving security threats," Ho says. "Today, managed security services are no longer simply about firewalls and anti- viruses.

Enterprises are looking for crisis management, disaster recovery and business continuity services to ensure 24/7 uptime of their business in the event of a significant business disruption."