Operations

12/8/2017
12:15 PM
50%
50%

Gartner: IT Security Spending to Reach $96 Billion in 2018

Identity access management and security services to drive worldwide spending growth.

Worldwide IT security spending is expected to climb 8% next year to $96.3 billion, fueled by investments in identity access management and security services – two areas on tap to rise faster than the overall spending growth rate, according to a Gartner report released this week.

Identity access management (IAM), the smallest slice in the overall IT security spending pie, is expected to jump 9.7% to $4.7 billion in 2018 over the previous year, the report states. Rising regulatory compliance and data privacy requirements over the past three years are driving demand for IAM products and services across the globe, according to the report, which points to the EU General Data Protection Regulation (GDPR) as one example.

Security services, the largest slice of the spending pie, is projected to increase 8.8% to $57.7 billion in 2018, compared with the previous year, Gartner reports. This spending jump is fueled by a skills shortage, growing threat landscape, and complexity in managing IT security, the report finds.

And within the security services sector, spending on outsourcing services is expected to jump 11% to $18.5 billion in 2018.

"Skill sets are scarce and therefore remain at a premium, leading organizations to seek external help from security consultants, managed security service providers, and outsourcers," Ruggero Contu, Gartner research director, said in a statement.

 

Worldwide spending on infrastructure protection is expected to rise 7.7% year-over-year in 2018, aided by demand for security testing and security information and event management (SIEM) technologies and services, according to the report.

Network security equipment spending is expected to increase 6.7% in 2018, compared with the previous year, while consumer security software is expected to tick up a mere 2.4% in the same time period.

"Overall, a large portion of security spending is driven by an organization's reaction toward security breaches as more high profile cyberattacks and data breaches affect organizations worldwide," Contu said. "Cyberattacks such as WannaCry and NotPetya, and most recently the Equifax breach, have a direct effect on security spend, because these types of attacks last up to three years."

Despite the projected 8% increase in IT security spending in 2018, High-Tech Bridge CEO Ilia Kolochenko does not believe it is enough.

"In light of the ubiquitous penetration of all types of technology into our everyday life, skyrocketing attacks against SCADA, and emerging IoT botnets, the growth of worldwide security spending seems to be very slow and inadequate to cover at least the most important risks," says Kolochenko in a statement.

By 2020, Gartner forecasts more than 60% of organizations will have multiple data security tools, such as, data loss prevention, encryption, and data-centric audit and protection tools. That will be nearly double the 35% penetration rate for multiple data security tools today, the report notes.

Enterprises, meanwhile, are projected to shift their budgets toward detection and response solutions, which will drive IT security spending even further over the next five years, Gartner reports.

"This increased focus on detection and response to security incidents has enabled technologies such as endpoint detection and response, and user entity and behavior analytics to disrupt traditional markets such as endpoint protection platforms and SIEM," Contu says.

Related Content:

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/11/2018
New Domains: A Wide-Open Playing Field for Cybercrime
Ben April, CTO, Farsight Security,  10/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18324
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.
CVE-2018-18322
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.
CVE-2018-18323
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.
CVE-2018-18319
PUBLISHED: 2018-10-15
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merli...
CVE-2018-18320
PUBLISHED: 2018-10-15
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allo...