Information Security Spending Is Growing. What Businesses Need to Know

September 10, 2017


The cybersecurity market continues its steady growth, with a 7 percent increase in 2017 to $86.4 billion, and going up to $93 billion in 2018, according to Gartner’s latest forecast. But information security is just part of the larger cybersecurity market, which includes IT security, consumer security, medical device security, IoT and embedded systems security, Industrial Control Systems (ICS), and others. Looking a bit further, Cybersecurity Ventures has predicted global cybersecurity spending will exceed $1 trillion from 2017 to 2021. This is the effect cybercrime has on the information security market: over $80 billion of growth in 13 years, almost 25 times more than 2004’s entire cybersecurity market ($3.5 billion).

Gartner’s forecast includes end-user spending (enterprise and customers), focusing on pressing issues like fast-growing markets, what’s driving the spending, or fading cybersecurity segments.

Let’s take a look at what businesses need to take from this.

The spending drivers

Cybercrime is constant nowadays. Not a single day goes by without at least a few headlines about a new breach. The frequency and sheer magnitude of these attacks force board-level involvement as well as continuous regulatory changes.

“Rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape have led to continued spending on security products and services,” said Sid Deshpande, principal research analyst at Gartner.

We’re actually witnessing the expected reaction to cybercrime. Organizations need general protection from cyberattacks, but they also need to secure their interactions with other organizations. Gartner’s forecast shows that spending wisely has never been more important. It’s time to get the basics right.

“However, improving security is not just about spending on new technologies. As seen in the recent spate of global security incidents, doing the basics right has never been more important. Organizations can improve their security posture significantly just by addressing basic security and risk related hygiene elements like threat centric vulnerability management, centralized log management, internal network segmentation, backups and system hardening,” said Mr. Deshpande.

The fast-growing markets

Several segments are showing fast growth, according to the Gartner forecast. Security services will remain the segment that will expand the fastest in the following years, particularly IT outsourcing, consulting and implementation services.

There’s good news for the infrastructure protection segment as well, but from a smaller base. Gartner’s forecast highlights fast growth in the security testing market because of the constant data breaches mentioned earlier and growing demand for application security testing as part of DevOps. This segment will continue to grow through 2021 due to increased spending on emerging application security testing tools, specifically interactive application security testing (IAST).

We’ve gone through the thriving segments, but every evolution leaves something behind. Most technologies tend to become obsolete at some point, and the cybersecurity market is no exception to that rule. In this case, hardware support services will see growth slowing. The adoption of virtual appliances, public cloud and software as a service (SaaS) editions of security solutions has reduced the need for hardware support. In the next 4 years this trend will most likely push hardware support even further into the background.

Future developments

1. There’s a general panic among European organizations, mostly because of the EU General Data Protection Regulation (GDPR). This will directly influence data loss prevention (DLP) buying decisions through 2018. Organizations that have DLP in place will look for additional capabilities they need to invest in, while the ones that don’t have DLP will have to increase their capabilities as soon as possible.

2. U.S. vendors can’t really compete with Chinese prices; no one ever could. By 2021 over 80 percent of the large businesses in China will use network security equipment from local vendors. On June 1st 2017, China’s Cybersecurity Law came into effect. Though the law is intended to bring China in line with global best practices for cybersecurity, foreign companies are concerned about vague terminology and absent official guidance on complying with the law. Combined with competitive pricing from Chinese solutions, this new law will contribute to the decline of U.S.-manufactured network security products on the Asian market.

3. According to Gartner’s forecast, many large organizations should already be looking for managed security services (MSS) contracts bundled with other security services and broader IT outsourcing (ITO) projects. It makes sense for organizations to opt for security consulting and ITO providers that offer customizable delivery components, sold in a bundle with MSS. These contracts will drive considerable growth for the MSS market all the way through 2020, simply because it’s a more efficient and reliable way to deal with the complexity of designing, building and operating mature security programs in a short time span.

Over $1 trillion in cybersecurity spending by 2021 is quite mind-blowing, but cybercrime damages will probably cost the world $6 trillion annually by that time, according to Cybersecurity Ventures. We are all impressed by this market’s rapid and uncontrollable growth, and on some level it’s even fascinating, but now there’s something else businesses will have to address:

Can they really keep up with cybercrime?