LONDON, July 14, 2004 -- Seventy eight percent of corporate executives report that computer security is now the single most critical attribute of corporate networks, according to a new survey and report on networking and business strategy from AT&T in co-operation with the Economist Intelligence Unit (EIU). Security moved to the top of the list from its number two spot in the 2003 survey, replacing network reliability and availability as the most critical network attribute.

The EIU survey of 254 senior executives worldwide on the future of corporate networking reported that although businesses worry about security, the vast majority of executives want to further open up their networks to partners, customers and mobile workers. Much to the chagrin of many information technology (IT) executives, it is a network's openness that can also increase its vulnerability.

"In a global networked economy of Internet connectivity and interoperability, isolation leads to irrelevance for enterprises that can't protect their networks," says Hossein Eslambolchi, president of AT&T Global Networking Technology Services. "Unless security is managed effectively, executives are right in thinking that cyber attacks may yet prove the toughest threat to the sustained development of the networked enterprise."

The worldwide impact of cyber attacks has grown steadily from $3.3 billion in 1997 to an estimated $12 billion in 2003, according to Computer Economics in Carlsbad, California. As a result, protecting networks against malicious intruders and unauthorized activities has become critical to business. The spiraling threats of cyber attacks and increased vulnerabilities are resulting in rising costs, causing network security spending to outpace overall IT expenditures. On average, the firms in this survey devoted 9 percent of the IT budget to network security in 2002; the figure rose to 11 percent last year and is expected to reach 13 percent in 2004.

These and other findings are presented in a new report called Network security: Managing the risk and opportunity, which is now available at http://www.business.att.com/emea/english/whitepaper/.

The survey respondents reveal a clear link between their firms' technology-related goals and their chief information vulnerabilities. More than 80 percent of all the executives surveyed believe that their goals of giving remote workers access to corporate networks and improving the availability of customer data and financial details to employees leave their firms vulnerable or extremely vulnerable to security threats.

The biggest vulnerability of all appears to be people. The survey respondents believe that 83 percent of attacks originate internally, stemming from such actions as internal sabotage, espionage or accidental mistakes. An astonishing admission is that 78 percent of respondents admitted to having opened an email attachment from an unknown person within the last year.

Security spending itself is likely to shift focus over the next few years, moving from layers of perimeter protection and intrusion detection -- which are ultimately untenable as organizations enable more electronic transactions and communication -- to new and better tools aimed at prevention of attacks and a quicker mitigation and remediation of those attacks that happen.

Many firms are turning to managed security service providers to address their increasingly complex security needs. A full 32 percent of survey respondents already use or plan to use managed security services in the next two years. Another 14 percent intend to use them in the long term. However, 70 percent of these firms are small and medium-sized companies.

Turning to managed security service providers is not the only departure from conventional practice wrought by the escalating security threat. The research points to two significant changes in governance: the CEO is increasingly taking ownership of network security policy in some companies, and in others, a relatively new role, the chief security officer (CSO) is emerging. "For any company, it is virtually impossible to ensure protection of assets without one person owning the focal point," says Ed Amoroso, information security officer at AT&T. "It is time that boards start recognizing that a chief security officer is about as important as a comptroller."

AT&T, itself a leader in the area of networking security, has developed a comprehensive set of security services based on its own set of best practices to assess, protect, detect and respond.

AT&T's portfolio of managed security services includes its flagship AT&T Internet Protect service, an early warning security threat service, as well as firewall, intrusion detection, denial of service (DoS) and distributed DoS detection and mitigation, and token authentication. The company also provides a wide range of professional services, such as risk analysis, vulnerability assessments and ethical hacking, so that it can design, manage and monitor networks that act as a "front line" of defense against attacks or other vulnerabilities.

Leveraging the innovation of AT&T Labs and best-in-breed technologies, the company has received recognition from organizations such as Frost & Sullivan for having the most comprehensive set of services offered by any managed security services provider today.

The report Network security: Managing the risk and opportunity is the second in a series of four thought-leadership articles written by AT&T in co-operation with the Economist Intelligence Unit on the future of networking. Subsequent papers will examine the topics of remote working and Voice over Internet Protocol.

http://www.business.att.com/emea/english/whitepaper/

Survey & Research Methodology:

As part of the research for the paper, the Economist Intelligence Unit conducted an online worldwide survey of 254 executives. The majority of respondents came from Europe (40%), North America (27%) and Asia-Pacific (21%). Other respondents came from Latin America the Middle East and Africa. The top five industry sectors represented by the survey respondents were financial services, professional services, manufacturing, transportation and energy. In addition to the survey research, the EIU conducted a series of one-to-one in-depth interviews with senior executives and analysts. All of the survey research took place in March and April 2004.

About The Economist Intelligence Unit

The Economist Intelligence Unit (http://www.eiu.com) is the business information arm of The Economist Group, publisher of The Economist. Through its global network of over 500 analysts, the Economist Intelligence Unit continuously assesses and forecasts political, economic and business conditions in nearly 200 countries. As the world's leading provider of country intelligence, the Economist Intelligence Unit helps executives make better business decisions by providing timely, reliable and impartial analysis on worldwide market trends and business strategies.

About AT&T

For more than 125 years, AT&T (NYSE "T") has been known for unparalleled quality and reliability in communications. Backed by the research and development capabilities of AT&T Labs, the company is a global leader in local, long distance, Internet and transaction-based voice and data services.

AT&T 'Safe Harbor'

The foregoing contains "forward-looking statements" which are based on management's beliefs as well as on a number of assumptions concerning future events made by and information currently available to management. Readers are cautioned not to put undue reliance on such forward-looking statements, which are not a guarantee of performance and are subject to a number of uncertainties and other factors, many of which are outside AT&T's control, that could cause actual results to differ materially from such statements. These risk factors include the impact of increasing competition, continued capacity oversupply, regulatory uncertainty and the effects of technological substitution, among other risks. For a more detailed description of the factors that could cause such a difference, please see AT&T's 10-K, 10-Q, 8-K and other filings with the Securities and Exchange Commission. AT&T disclaims any intention or obligation to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise. This information is presented solely to provide additional information to further understand the results of AT&T.

SOURCE AT&T

Web Site: http://www.att.com

http://www.business.att.com/emea/english/whitepaper