Corporate America's overall spending on security in response to terrorism has increased only modestly, The Conference Board reports in a new study.

The research report, entitled "Corporate Security Management," shows that the median increase in security spending is four percent since September 2001. Seven percent of the companies surveyed have increased their security spending dramatically - by 50 percent or more.

Most likely to have permanently increased their security spending are companies in six "critical infrastructure" industries - transportation, energy and utilities, financial services, media and telecommunications, information technology, and healthcare.

The study is based on a nationwide survey of more than 331 business security directors, risk managers and information technology security officers. More than half of the companies covered in the study generate more than $1 billion per year in sales.

"While nobody knows how much security spending is enough, there are legitimate concerns about corporate vulnerability," says Tom Cavanagh, The Conference Board's expert on security issues and author of the report.

"A four percent median increase in security spending seems counterintuitively small in light of our concerns about terror," says Daniel H. Kropp, CPP, president of ASIS International. ASIS International is a membership organization for security professionals, with more than 33,000 members worldwide.

Kropp sounds two cautionary notes:

"First, whether corporate spending on security is adequate can't be judged nationally, but only by comparing it against the level of threat and the degree of risk faced by an individual company in an individual industry in a selected location.

"Second, throwing money at a problem isn't going to solve it. Given our nation's knowledge and experience at the time, it's hard to imagine the security system that would have prevented what happened on 9/11, or that can protect us from every possible threat today."

Many security experts expected a widespread move to centralize security operations in the wake of terrorist actions, but the study found that most companies have not changed the way they manage security. Only 24 percent have centralized security responsibility in a Chief Security Officer, and few apparently are interested in creating this relatively new position.

Most companies employ less than 50 people to oversee all their security needs, though many use outside security consultants and guard forces to augment their staffs.

The study also found soaring increases in corporate spending for insurance and risk management. Median spending for these two business essentials are up 33 percent. About 20 percent of the companies say their insurance costs have at least doubled since 2001.

The current corporate financial environment is still marked by tight budgets and widespread cost cutting. Virtually all new company spending is being directed only at revenue-generating projects.

Says Cavanagh: "There are only two sources of funds to expand security spending - corporate money or government funds and incentives. Business leaders are reluctant to spend more on security when they don't see it contributing directly to their bottom lines."

The Conference Board study also shows that:

Most high-level security executives come from the law enforcement community (47 percent) or served in the military (33 percent) before joining their companies.

Most top corporate security execs hold titles below the vice presidential level and earn less than $150,000 per year. Only 9 percent report directly to their company's CEO.