Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

Gartner: IT Security Spending to Reach $96 Billion in 2018

Identity access management and security services to drive worldwide spending growth.

Worldwide IT security spending is expected to climb 8% next year to $96.3 billion, fueled by investments in identity access management and security services – two areas on tap to rise faster than the overall spending growth rate, according to a Gartner report released this week.

Identity access management (IAM), the smallest slice in the overall IT security spending pie, is expected to jump 9.7% to $4.7 billion in 2018 over the previous year, the report states. Rising regulatory compliance and data privacy requirements over the past three years are driving demand for IAM products and services across the globe, according to the report, which points to the EU General Data Protection Regulation (GDPR) as one example.

Security services, the largest slice of the spending pie, is projected to increase 8.8% to $57.7 billion in 2018, compared with the previous year, Gartner reports. This spending jump is fueled by a skills shortage, growing threat landscape, and complexity in managing IT security, the report finds.

And within the security services sector, spending on outsourcing services is expected to jump 11% to $18.5 billion in 2018.

"Skill sets are scarce and therefore remain at a premium, leading organizations to seek external help from security consultants, managed security service providers, and outsourcers," Ruggero Contu, Gartner research director, said in a statement.

 

Worldwide spending on infrastructure protection is expected to rise 7.7% year-over-year in 2018, aided by demand for security testing and security information and event management (SIEM) technologies and services, according to the report.

Network security equipment spending is expected to increase 6.7% in 2018, compared with the previous year, while consumer security software is expected to tick up a mere 2.4% in the same time period.

"Overall, a large portion of security spending is driven by an organization's reaction toward security breaches as more high profile cyberattacks and data breaches affect organizations worldwide," Contu said. "Cyberattacks such as WannaCry and NotPetya, and most recently the Equifax breach, have a direct effect on security spend, because these types of attacks last up to three years."

Despite the projected 8% increase in IT security spending in 2018, High-Tech Bridge CEO Ilia Kolochenko does not believe it is enough.

"In light of the ubiquitous penetration of all types of technology into our everyday life, skyrocketing attacks against SCADA, and emerging IoT botnets, the growth of worldwide security spending seems to be very slow and inadequate to cover at least the most important risks," says Kolochenko in a statement.

By 2020, Gartner forecasts more than 60% of organizations will have multiple data security tools, such as, data loss prevention, encryption, and data-centric audit and protection tools. That will be nearly double the 35% penetration rate for multiple data security tools today, the report notes.

Enterprises, meanwhile, are projected to shift their budgets toward detection and response solutions, which will drive IT security spending even further over the next five years, Gartner reports.

"This increased focus on detection and response to security incidents has enabled technologies such as endpoint detection and response, and user entity and behavior analytics to disrupt traditional markets such as endpoint protection platforms and SIEM," Contu says.

Related Content:

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
CVE-2019-18197
PUBLISHED: 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...
CVE-2019-4409
PUBLISHED: 2019-10-18
HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name returns an error message that includes the entere...