Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

10/13/2016
04:20 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Information Security Spending Will Top $101 Billion By 2020

Spending on security services will drive much of the growth, IDC says in new forecast

Security executives often blame a lack of budget for their inability to stay on top of existing and emerging threats. But recent trends in security spending suggest that they would have less of an argument for doing so over the next few years.

In 2016, organizations around the world will spend a record-breaking $73.7 billion on cyber security measures. By 2020 that number will jump to over $101 billion at a compound annual growth rate of 8.3 percent, according to newly released estimates from IDC.

For perspective, the projected growth in security spending is more than double the rate at which overall IT spending will likely grow in the same five-year period.

A lot of the increased investment will be on security services. This year nearly 45 percent of all cybersecurity investments will be on managed security services consulting, integration, and related services. The managed security services segment alone will generate revenues of $13 billion in 2016, IDC said in its forecast.

Private and public sector organizations will also spend heavily on software products, especially endpoint protection tools, vulnerability management products, and identity and access management software. Spending on these tools will account for 75 percent of all spending on security software, IDC said. Security hardware revenues meanwhile will reach $14 billion this year driven mainly by surging demand for unified threat management and user behavior analytics systems.

Much of the growth in security investments appears to be driven by fear. "Today's security climate is such that enterprises fear becoming victims of the next major cyberattack or cyber extortion," said Sean Pike, vice president of security products at IDC. "As a result, security has become heavily scrutinized by boards of directors demanding that security budgets are used wisely and solutions operate at peak efficiency.”

IDCs estimate for information security spending is actually slightly lower than Gartner’s forecast for 2016. According to Gartner, worldwide cybersecurity spending will top $81 billion this year or about 10 percent higher than the IDC estimate.

IT outsourcing and consulting are currently the two areas where organizations currently spend the most on security. Through the end of 2020, the highest growth will come from data loss prevention technologies, security testing products, and IT outsourcing, Gartner has predicted.

The analyst firm expects security spending to become increasingly service-oriented as organizations that are facing staffing and talent issues turn to third parties for help.

The apparent willingness by organizations to spend more on information security should remove some of the constraints that many executives claim have held them back from a better security posture.

But the fact that so many organizations continue to get hacked amid all the increased investment suggests an implementation disconnect, said Ilia Kolochenko, CEO and founder of web security firm High-Tech Bridge.

“Something is wrong here,” he said in a statement. “We cannot continuously increase our cybersecurity budget and get instantly and more frequently hacked in parallel.”

What the trend shows is that spending more does not mean spending better. Often for instance, an organization might invest in a security product because it worked for someone else. That is a mistake, he says in separate comments to Dark Reading.  “A solution that is successfully mitigating threats at [the] largest banks may be inappropriate for insurance firms, governments or SMBs.”

For all the money invested today in security, everything is effectively hacked all the time, says Jeremiah Grossman, head of security strategy at SentinelOne pointing to recent breaches at the NSA, DNC, OPM and, multiple retailers.

“Will the extra $27 billion turn things around? I doubt any security professional would bet on that outcome,” he says.

Grossman believes the only way to turn things around is by changing the incentives around cybersecurity. “The only thing I see that’s capable of turning things around is cyber-insurance, security vendors offering product warrantees, and new software liability regulations,” he says. “In infosec, we’re less dealing with an awareness issue anymore and more of economics incentives issue.”

Related stories:

 

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ChandanaP946
50%
50%
ChandanaP946,
User Rank: Strategist
10/14/2016 | 11:47:09 AM
I agree
Fear is the biggest motivator for cybersecurity spending https://cyware.com/news/heres-how-much-businesses-worldwide-will-expend-on-cybersecurity-by-2020-2c563974
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17537
PUBLISHED: 2019-10-13
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring.
CVE-2019-17538
PUBLISHED: 2019-10-13
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.
CVE-2019-17535
PUBLISHED: 2019-10-13
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
CVE-2019-17536
PUBLISHED: 2019-10-13
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
CVE-2019-17533
PUBLISHED: 2019-10-13
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.