Post-COVID-19 Security Spending Update
Security spending growth will slow in 2020, but purse strings are looser than for other areas of IT.
September 8, 2020
As we reported earlier this summer, the COVID-19 pandemic caused a lot of interruptions to security budgets and spending initiatives. With freezes in projects and hiring reported broadly among practitioners around the enterprise world, it was clear that organizations were holding tight while they got a better read on the economic environment.
As we head toward the fall, considerable public health and political uncertainty remains. Yet analysts believe some of those initial panic freezes may be thawing out in the cybersecurity space as organizations recognize the need to spend more to better secure a longer-term remote workforce, as well as de-risk acceleration of certain digital transformation strategies needed to accommodate new consumer and B2B realities.
Here's what the latest numbers are telling us.
Pandemic uncertainty may have pushed many security organizations to institute spending freezes or put improvement projects on hiatus, but according to Gartner only so much security spending is discretionary. The firm believes that while security budgetary increases for 2020 won't nearly equal what it projected at the start of the year, the market will still grow by 2.4% compared with last year. That's one of the strongest categories in all of IT, which in general will bleed from a budgetary standpoint, with overall IT spending expected to hit -8% at the end of the year.
Data: Gartner/Chart: Dark Reading
A recent study by Microsoft of 800 business leaders worldwide paints an even more optimistic picture of security spending in a post-pandemic landscape. The study shows that many organizations are tackling head-on the inherent risks around remote work and the broader aspects of digital transformation that started accelerating even before everyone was sent home. The study shows 58% of organizations reported increased spending, with almost one in four organizations experiencing an increase of 25% or more in security spending.
The Microsoft study shows that at the outset of COVID-19, the biggest security spend was around what most people would expect in the rush to a suddenly remote workforce: spending emphasis on multifactor authentication (MFA), added endpoint device protection, anti-phishing and training spending, and investments in virtual private networks. These trends track to the attack patterns lobbied by criminals who have been going after remote workers relentlessly during the spring and summer.
Now through the end of the year, the outlook seems to be for organizations to turn their sights to securing the underlying cloud technology running remote work -- and all of the digital offerings increasingly made available to customers who are as homebound as end users. Through the end of the year, spending priorities will be dominated by cloud security investments, according to the Microsoft study and Gartner projections. Gartner says the cloud security category may see growth gains of over 33%, which far outstrips the runner-up categories of data security (up 7.2%) and application security (up 6.2%).
Data: Gartner/Chart: Dark Reading
In spite of slightly upward spending trajectories for the security industry as a whole, the pandemic has forced many organizations to make big sacrifices. For example, many SOCs are being asked to deal with fewer team members. A report by Exabeam found that around half of organizations have had to furlough one to two SOC employees, and 68% have had to lay off one to three staff members. Meantime, 57% of organizations said they've deferred any further security hiring.
One industry in particular that appears to be leaving the spending faucets running at full flow is finance. According to a report by Deloitte and FS-ISAC, the combination of COVID-19 and increased digitization in the industry has pushed financial institutions to reinvest heavily in cybersecurity. The study shows financial institutions are on track to spend 15% more than last year, spending an average of $2,691 on cybersecurity for every full-time employee in their ranks.
One industry in particular that appears to be leaving the spending faucets running at full flow is finance. According to a report by Deloitte and FS-ISAC, the combination of COVID-19 and increased digitization in the industry has pushed financial institutions to reinvest heavily in cybersecurity. The study shows financial institutions are on track to spend 15% more than last year, spending an average of $2,691 on cybersecurity for every full-time employee in their ranks.
As we reported earlier this summer, the COVID-19 pandemic caused a lot of interruptions to security budgets and spending initiatives. With freezes in projects and hiring reported broadly among practitioners around the enterprise world, it was clear that organizations were holding tight while they got a better read on the economic environment.
As we head toward the fall, considerable public health and political uncertainty remains. Yet analysts believe some of those initial panic freezes may be thawing out in the cybersecurity space as organizations recognize the need to spend more to better secure a longer-term remote workforce, as well as de-risk acceleration of certain digital transformation strategies needed to accommodate new consumer and B2B realities.
Here's what the latest numbers are telling us.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024