Operations

12/8/2017
12:15 PM
50%
50%

Gartner: IT Security Spending to Reach $96 Billion in 2018

Identity access management and security services to drive worldwide spending growth.

Worldwide IT security spending is expected to climb 8% next year to $96.3 billion, fueled by investments in identity access management and security services – two areas on tap to rise faster than the overall spending growth rate, according to a Gartner report released this week.

Identity access management (IAM), the smallest slice in the overall IT security spending pie, is expected to jump 9.7% to $4.7 billion in 2018 over the previous year, the report states. Rising regulatory compliance and data privacy requirements over the past three years are driving demand for IAM products and services across the globe, according to the report, which points to the EU General Data Protection Regulation (GDPR) as one example.

Security services, the largest slice of the spending pie, is projected to increase 8.8% to $57.7 billion in 2018, compared with the previous year, Gartner reports. This spending jump is fueled by a skills shortage, growing threat landscape, and complexity in managing IT security, the report finds.

And within the security services sector, spending on outsourcing services is expected to jump 11% to $18.5 billion in 2018.

"Skill sets are scarce and therefore remain at a premium, leading organizations to seek external help from security consultants, managed security service providers, and outsourcers," Ruggero Contu, Gartner research director, said in a statement.

 

Worldwide spending on infrastructure protection is expected to rise 7.7% year-over-year in 2018, aided by demand for security testing and security information and event management (SIEM) technologies and services, according to the report.

Network security equipment spending is expected to increase 6.7% in 2018, compared with the previous year, while consumer security software is expected to tick up a mere 2.4% in the same time period.

"Overall, a large portion of security spending is driven by an organization's reaction toward security breaches as more high profile cyberattacks and data breaches affect organizations worldwide," Contu said. "Cyberattacks such as WannaCry and NotPetya, and most recently the Equifax breach, have a direct effect on security spend, because these types of attacks last up to three years."

Despite the projected 8% increase in IT security spending in 2018, High-Tech Bridge CEO Ilia Kolochenko does not believe it is enough.

"In light of the ubiquitous penetration of all types of technology into our everyday life, skyrocketing attacks against SCADA, and emerging IoT botnets, the growth of worldwide security spending seems to be very slow and inadequate to cover at least the most important risks," says Kolochenko in a statement.

By 2020, Gartner forecasts more than 60% of organizations will have multiple data security tools, such as, data loss prevention, encryption, and data-centric audit and protection tools. That will be nearly double the 35% penetration rate for multiple data security tools today, the report notes.

Enterprises, meanwhile, are projected to shift their budgets toward detection and response solutions, which will drive IT security spending even further over the next five years, Gartner reports.

"This increased focus on detection and response to security incidents has enabled technologies such as endpoint detection and response, and user entity and behavior analytics to disrupt traditional markets such as endpoint protection platforms and SIEM," Contu says.

Related Content:

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
PGA of America Struck By Ransomware
Dark Reading Staff 8/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The State of IT and Cybersecurity
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3937
PUBLISHED: 2018-08-14
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2018-3938
PUBLISHED: 2018-08-14
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST r...
CVE-2018-12537
PUBLISHED: 2018-08-14
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.
CVE-2018-12539
PUBLISHED: 2018-08-14
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows,...
CVE-2018-3615
PUBLISHED: 2018-08-14
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.