Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

10/13/2016
04:20 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Information Security Spending Will Top $101 Billion By 2020

Spending on security services will drive much of the growth, IDC says in new forecast

Security executives often blame a lack of budget for their inability to stay on top of existing and emerging threats. But recent trends in security spending suggest that they would have less of an argument for doing so over the next few years.

In 2016, organizations around the world will spend a record-breaking $73.7 billion on cyber security measures. By 2020 that number will jump to over $101 billion at a compound annual growth rate of 8.3 percent, according to newly released estimates from IDC.

For perspective, the projected growth in security spending is more than double the rate at which overall IT spending will likely grow in the same five-year period.

A lot of the increased investment will be on security services. This year nearly 45 percent of all cybersecurity investments will be on managed security services consulting, integration, and related services. The managed security services segment alone will generate revenues of $13 billion in 2016, IDC said in its forecast.

Private and public sector organizations will also spend heavily on software products, especially endpoint protection tools, vulnerability management products, and identity and access management software. Spending on these tools will account for 75 percent of all spending on security software, IDC said. Security hardware revenues meanwhile will reach $14 billion this year driven mainly by surging demand for unified threat management and user behavior analytics systems.

Much of the growth in security investments appears to be driven by fear. "Today's security climate is such that enterprises fear becoming victims of the next major cyberattack or cyber extortion," said Sean Pike, vice president of security products at IDC. "As a result, security has become heavily scrutinized by boards of directors demanding that security budgets are used wisely and solutions operate at peak efficiency.”

IDCs estimate for information security spending is actually slightly lower than Gartner’s forecast for 2016. According to Gartner, worldwide cybersecurity spending will top $81 billion this year or about 10 percent higher than the IDC estimate.

IT outsourcing and consulting are currently the two areas where organizations currently spend the most on security. Through the end of 2020, the highest growth will come from data loss prevention technologies, security testing products, and IT outsourcing, Gartner has predicted.

The analyst firm expects security spending to become increasingly service-oriented as organizations that are facing staffing and talent issues turn to third parties for help.

The apparent willingness by organizations to spend more on information security should remove some of the constraints that many executives claim have held them back from a better security posture.

But the fact that so many organizations continue to get hacked amid all the increased investment suggests an implementation disconnect, said Ilia Kolochenko, CEO and founder of web security firm High-Tech Bridge.

“Something is wrong here,” he said in a statement. “We cannot continuously increase our cybersecurity budget and get instantly and more frequently hacked in parallel.”

What the trend shows is that spending more does not mean spending better. Often for instance, an organization might invest in a security product because it worked for someone else. That is a mistake, he says in separate comments to Dark Reading.  “A solution that is successfully mitigating threats at [the] largest banks may be inappropriate for insurance firms, governments or SMBs.”

For all the money invested today in security, everything is effectively hacked all the time, says Jeremiah Grossman, head of security strategy at SentinelOne pointing to recent breaches at the NSA, DNC, OPM and, multiple retailers.

“Will the extra $27 billion turn things around? I doubt any security professional would bet on that outcome,” he says.

Grossman believes the only way to turn things around is by changing the incentives around cybersecurity. “The only thing I see that’s capable of turning things around is cyber-insurance, security vendors offering product warrantees, and new software liability regulations,” he says. “In infosec, we’re less dealing with an awareness issue anymore and more of economics incentives issue.”

Related stories:

 

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ChandanaP946
50%
50%
ChandanaP946,
User Rank: Strategist
10/14/2016 | 11:47:09 AM
I agree
Fear is the biggest motivator for cybersecurity spending https://cyware.com/news/heres-how-much-businesses-worldwide-will-expend-on-cybersecurity-by-2020-2c563974
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24368
PUBLISHED: 2021-06-20
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This c...
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.