Ireland leads the EU with the highest GDP growth (close to 8 percent) but less than half of Irish firms have a business plan for IT, according to this article published in the Irish Silicon Republic.

This is refreshing news in a sense that it tells the truth, and not having an IT business plan is probably true at most other places in the world. A more meaningful comment in the article, in my view is the statement that:

Only 7pc said they planned to improve the security of existing IT infrastructure this yea

One would initially link not having a plan to not investing in IT security, but there is something deeper going on here I believe. Every year, there is a hit parade of threats and gloomy prognoses for virus and worm exploits (which are usually true more or less). Most of these death and gloom forecasts are written by vendors like McAfee and Symantec, who have a vested interest.The Irish, being practical folk, may be reacting by simply ignoring the FUD tactics of vendors and investing where they feel there is a good ROI. More accurately, half of the firms invest by ROI, the other half don't have a plan anyway and will wait for something to happen first.