Gartner forecasts worldwide security spending to reach $96 billion mark in 2018

Market analyst Gartner is forecasting worldwide enterprise security spending to total $96.3 billion in 2018, representing an 8% uptick from 2017. Organisations are now spending more on security regimes as a direct result of regulations, a shifting buyer mindset, the growing awareness of emerging threats and the ongoing evolution towards a digital business strategy. 

“Overall, a large portion of security spending is driven by an organisation’s reaction towards security breaches as more high-profile cyber attacks and data breaches affect companies worldwide,” said Ruggero Contu, research director at Gartner. “Cyber attacks such as those involving the WannaCry and NotPetya ransomware, and most recently the Equifax data breach, have a direct effect on security spend, because these types of attacks last for up to three years.”

This is validated by Gartner’s 2016 security buying behaviour survey. Of the 53% of organisations that cited security risks as the Number One driver for overall security spending, the highest percentage of respondents said that a security breach is the main security risk influencing their security spending.

As a result, security testing, IT outsourcing and security information and event management will be among the fastest-growing security sub-segments driving development in the infrastructure protection and security services segments (see Table 1 below).

Table 1: Worldwide Security Spending by Segment for 2016-2018 (in millions of current $US)

| Segment | 2016 | 2017 | 2018 |
|---|---|---|---|
| Identity Access Management | 3,911 | 4,279 | 4,695 |
| Infrastructure Protection | 15,156 | 16,217 | 17,467 |
| Network Security Equipment | 9,789 | 10,934 | 11,669 |
| Security Services | 48,796 | 53,065 | 57,719 |
| Consumer Security Software | 4,573 | 4,637 | 4,746 |
| Total | 82,225 | 89,133 | 96,296 |

*Source: Gartner (December 2017) 

Gartner analysts have said that several other factors are also fuelling higher security spending. For example, regulatory compliance and data privacy have been stimulating spending on security during the past three years in the US (with regulations including the Health Insurance Portability and Accountability Act, the National Institute of Standards and Technology and Overseas Citizenship of India), but most recently in Europe around the General Data Protection Regulation coming into force on 28 May 2018, as well as in China with the Cyber Security Law that came into effect in June 2016. These regulations translate into increased spending, particularly in data security tools, privileged access management and security information and event management.

Multiple data security tools

Gartner forecasts that, by the year 2020, more than 60% of organisations will invest in multiple data security tools such as data loss prevention, encryption and data-centric audit and protection tools, which is up from approximately 35% today.

Skills shortages, technical complexity and the threat landscape will continue to drive the move towards automation and outsourcing. “Skill sets are scarce and therefore remain at a premium, leading organisations to seek external help from security consultants, managed security service providers and outsourcers,” added Contu. “In 2018, spending on security outsourcing services will total $18.5 billion. That’s an 11% increase from 2017. The IT outsourcing segment is the second-largest security spending segment after consulting.”

Gartner predicts that, by 2019, total enterprise spending on security outsourcing services will be 75% of the spending on security software and hardware products, which is up from 63% in 2016.

Enterprise security budgets are also shifting towards detection and response. This trend will drive security market growth during the next five years. “The increased focus on detection of and the response to security incidents has enabled technologies such as endpoint detection and response, as well as user identity and behaviour analytics to disrupt traditional markets such as endpoint protection platforms,” concluded Contu.

*Gartner analysts will further discuss where to deploy technology to add value to security, risk and privacy programs at the Gartner Identity & Access Management Summit. This runs on 5-6 March in central London.

Does increased spend equal improved security?

Web security company High-Tech Bridge’s CEO Ilia Kolochenko has stated that the forecast increase in spending will not necessarily lead to better security.

“More does not necessarily mean better. Moreover, in light of the ubiquitous penetration of all types of technology into our everyday life, skyrocketing attacks against SCADA and emerging Internet of Things botnets, the growth of worldwide security spending seems to be very slow and inadequate to cover at least the most important risks.”

Kolochenko continued: “Many people prefer to bid on Bitcoin rather than invest in their cyber security. Results are clearly visible in daily media headlines announcing new data breaches and state-sponsored APTs. Hopefully, companies will re-evaluate their digital risks, implement risk-based cyber security strategies, revise their budgets and implement appropriate security controls designed to mitigate the most probable threats.”

In conclusion, Kolochenko observed: “One should, however, be very careful not to overspend. Many companies can even reduce their current budgets by implementing risk-based approaches to mitigate appropriate threats and vulnerabilities, while also rigorously selecting vendors based on technology and not marketing claims.”

About the Author

Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting.

In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector.

In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute’s George van Schalkwyk Award.

An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award.

Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site.

Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media.

Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014.
