Security hype: IT press "doing more harm than good"

If you cut us do we not bleed...?

The media has come in for fresh criticism this week with Gartner research director Jay Heiser accusing the press of "doing more harm than good" when it comes to reporting on issues of security.

Speaking at the Gartner IT security summit in London, Heiser said a "hype cycle" and widespread scaremongering are rife within the media which is drowning out the more serious messages that should be reaching users.

Heiser denied a suggestion from the floor that vendors are as guilty for putting out conflicting messages about 'worst case scenarios' and the cost of virus damage, pointing the finger squarely at the press.

Heiser said headlines screaming out the dangers of threats or 'sexing-up' the risk of the latest vulnerability skew companies' efforts and have a negative impact on their ability to resource their information security efforts.

However, he added that ultimately the readers are to blame for what he called "social propaganda".

"Why does the media do this? Because we want to read it," he said.

"We're being yanked around. I genuinely believe the press does more harm than good but it's our fault."

(Read silicon.com's response to this accusation, here.)

Heiser conceded that everybody putting out messages about security and threats – from vendors and the press to government and think tanks, and presumably analysts - "has their own agenda" but it is ultimately the responsibility of the press to manage those agendas.

Vendors may want to raise the stakes of their worst case scenarios to shift more software and the press may let the desire to shift more copies or attract more clicks affect their decisions on whether to use quotes or predictions from vendors, he suggested.

Simon Perry, VP security strategy at CA, said to point the finger of blame at all media is unfair, as it would be to brand all vendors irresponsible, but he believes many press are suckered in by vendors' attempts to gain "free marketing" - especially mainstream media who may not know when to make a judgement call on the severity of a threat.