OK, not really - but at least the right people are getting it less wrong...
In general there are very few silver linings around the clouds which hang above the heads of those charged with securing their company. So we can be forgiven for looking for some.
After all, if you're not being criticised for letting staff wander in and plug 60GB iPods into the backs of their PCs, you're being criticised for letting staff open unauthorised CDs on their desktops, IM one another or open .exe attachments. And if that's not enough you've still got compliance to get wrong and budgets to mismanage (depending on whose appraisal you listen to).
So, well done to the heads of IT security at those financial services companies, healthcare groups and public sector organisations who win the 'tenuous achievement of the week' award by being less bad than a lot of their counterparts in other sectors.
OK, so it's almost a case of damning with faint praise but there is something in this. Work with us here.
A report out today from MessageLabs on the impact of spam and viruses upon organisations, categorised by their vertical, shows that those companies whose security and data integrity are likely to be of uppermost importance are least affected by such threats. At such a broad level it's hard to nail down specific reasons why this is the case - or to assume the glory is reflected across the whole vertical - but it seems undeniable these companies are among the most likely to have effective protections in place.
Even if the bars on the bar chart which illustrate this are all too tall, the general trend is encouraging as it shows that at least organisations realise where they fit in terms of prioritising the problem.
And that is the best thing we can take away from this. One of the most complex issues to understand with security is effective risk management - understanding what needs to be done as a priority and what will only detract from the budget with few discernible benefits.
The bend of these charts suggests this message is beginning to sink in - though there is clearly some way to go.
As an aside, sadly - but predictably - the report also shows those organisations who lack budget to prioritise such problems, even if they wanted to, are still being fiercely targeted. Education and the not-for-profit sector (a perennial target of hackers) are still very much in the firing line.