Consider those who triple-check the appliances are turned off and the windows are double-locked, each and every time they leave home. Or all the houses with windows covered in bars and roll-down shutters. All that protection against a myriad of possible break-ins, attacks and damage!
Industry pundits often use the house analogy to describe IT security. But are they going too far? Have we inadvertently created a world where we're so petrified of viruses, worms and hackers that we'll do anything and spend any amount of money to protect ourselves? Do we even think about what it is we're trying to protect?
According to Gartner's January 2001 report, Do Security Products Alone Solve the Problem?: "As clients are forced to respond to an increasing number of information security concerns, many are deploying security products often without measuring the effectiveness, establishing the infrastructure or realising the actual costs."
But for every person who has taken security to new levels of absurdity, there are probably thousands (or even millions) who cling to that it-won't-happen-to-me attitude - or those who think if it hasn't happened yet, they can relax.
The challenge facing the channel is how to educate and persuade those people of the very real threat and the very real dangers. But this remains difficult in an environment where companies hesitate (to say the least) to reveal details on how their IT security has been breached.
Companies have their reasons, such as unpredictable public reaction, or the impact of adverse publicity. And I can sympathise with them. Having your company's misfortunes discussed at every corner café must be disheartening.
But I firmly believe that lifting the taboo of discussing IT security breaches would remove some of the misconceptions surrounding the topic. Then, importantly, educating potential customers about the need for IT security would provide the channel with the opportunity to explain their role in providing solutions and support.
So is it any easier now for Channel Xers to educate their customers? Is there an end in sight - a time when people will treat IT security the same as any other form of safety? Perhaps.
A recent Deloitte Touche Tohmatsu and ISACA study, which looked at the state of e-commerce security around the world, found only 20 per cent of all organisations in Asia-Pacific have formal security strategies and policies in place. Although citing unauthorised access and a lack of globally accepted e-commerce standards and guidelines as their main security concerns, the majority of surveyed organisations lacked clearly defined security policies.
Obviously, the channel needs to convince Australian businesses that IT security has to be an integral part of their business practices. The message is clear. If you don't protect your business, you lose your business. That has to be one of the strongest (and easiest) sales pitches we have today.
Photograph: Vivienne Fisher, associate editor, Australian Reseller News