Home Cyber Gartner forecasts worldwide security spending to reach $96 billion mark in 2018

Gartner forecasts worldwide security spending to reach $96 billion mark in 2018

by Brian Sims

Market analyst Gartner is forecasting worldwide enterprise security spending to total $96.3 billion in 2018, representing an 8% uptick from 2017. Organisations are now spending more on security regimes as a direct result of regulations, a shifting buyer mindset, the growing awareness of emerging threats and the ongoing evolution towards a digital business strategy. 

“Overall, a large portion of security spending is driven by an organisation’s reaction towards security breaches as more high-profile cyber attacks and data breaches affect companies worldwide,” said Ruggero Contu, research director at Gartner. “Cyber attacks such as those involving the WannaCry and NotPetya ransomware, and most recently the Equifax data breach, have a direct effect on security spend, because these types of attacks last for up to three years.”

This is validated by Gartner’s 2016 security buying behaviour survey. Of the 53% of organisations that cited security risks as the Number One driver for overall security spending, the highest percentage of respondents said that a security breach is the main security risk influencing their security spending.

As a result, security testing, IT outsourcing and security information and event management will be among the fastest-growing security sub-segments driving development in the infrastructure protection and security services segments (see Table 1 below).

Table 1: Worldwide Security Spending by Segment for 2016-2018 (in millions of current $US)





Identity Access Management




Infrastructure Protection




Network Security Equipment




Security Services




Consumer Security Software








*Source: Gartner (December 2017) 

Gartner analysts have said that several other factors are also fuelling higher security spending. For example, regulatory compliance and data privacy have been stimulating spending on security during the past three years in the US (with regulations including the Health Insurance Portability and Accountability Act, the National Institute of Standards and Technology and Overseas Citizenship of India), but most recently in Europe around the General Data Protection Regulation coming into force on 28 May 2018, as well as in China with the Cyber Security Law that came into effect in June 2016. These regulations translate into increased spending, particularly in data security tools, privileged access management and security information and event management.

Multiple data security tools

Gartner forecasts that, by the year 2020, more than 60% of organisations will invest in multiple data security tools such as data loss prevention, encryption and data-centric audit and protection tools, which is up from approximately 35% today.

Skills shortages, technical complexity and the threat landscape will continue to drive the move towards automation and outsourcing. “Skill sets are scarce and therefore remain at a premium, leading organisations to seek external help from security consultants, managed security service providers and outsourcers,” added Contu. “In 2018, spending on security outsourcing services will total $18.5 billion. That’s an 11% increase from 2017. The IT outsourcing segment is the second-largest security spending segment after consulting.”

Gartner predicts that, by 2019, total enterprise spending on security outsourcing services will be 75% of the spending on security software and hardware products, which is up from 63% in 2016.

Enterprise security budgets are also shifting towards detection and response. This trend will drive security market growth during the next five years. “The increased focus on detection of and the response to security incidents has enabled technologies such as endpoint detection and response, as well as user identity and behaviour analytics to disrupt traditional markets such as endpoint protection platforms,” concluded Contu.

*Gartner analysts will further discuss where to deploy technology to add value to security, risk and privacy programs at the Gartner Identity & Access Management Summit. This runs on 5-6 March in central London

Does increased spend equal improved security?

Web security company High-Tech Bridge’s CEO Ilia Kolochenko has stated that the forecast increase in spending will not necessarily lead to better security.

“More does not necessarily mean better. Moreover, in light of the ubiquitous penetration of all types of technology into our everyday life, skyrocketing attacks against SCADA and emerging Internet of Things botnets, the growth of worldwide security spending seems to be very slow and inadequate to cover at least the most important risks.”

Kolochenko continued: “Many people prefer to bid on Bitcoin rather than invest in their cyber security. Results are clearly visible in daily media headlines announcing new data breaches and state-sponsored APTs. Hopefully, companies will re-evaluate their digital risks, implement risk-based cyber security strategies, revise their budgets and implement appropriate security controls designed to mitigate the most probable threats.”

In conclusion, Kolochenko observed: “One should, however, be very careful not to overspend. Many companies can even reduce their current budgets by implementing risk-based approaches to mitigate appropriate threats and vulnerabilities, while also rigorously selecting vendors based on technology and not marketing claims.”

You may also like