It's no longer just about spam. For vendors it's a global, US$5 billion-plus secure content management market (SCM), covering spyware, phishing and other malicious code.

As Clayton Utz CIO Garry Clarke explains, the IT security landscape is very "vendor driven".

"There is a lot of hype and some vendors are almost unethical in trying to generate a need for their service or solution," Clarke said. "I get 10 cold calls a day; but what's worse is vendors that go to the CEO or board members to say 'your IT person isn't speaking to me and I have a solution you need'. CIOs know when the business needs a particular product."

Clarke referred to a large, global infrastructure company that sends him five different marketing blurbs but in each his name and title are totally different.

"Security is obscure because it's not just locks on doors; it is far more intangible," he said.