Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

10/13/2016
04:20 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Information Security Spending Will Top $101 Billion By 2020

Spending on security services will drive much of the growth, IDC says in new forecast

Security executives often blame a lack of budget for their inability to stay on top of existing and emerging threats. But recent trends in security spending suggest that they would have less of an argument for doing so over the next few years.

In 2016, organizations around the world will spend a record-breaking $73.7 billion on cyber security measures. By 2020 that number will jump to over $101 billion at a compound annual growth rate of 8.3 percent, according to newly released estimates from IDC.

For perspective, the projected growth in security spending is more than double the rate at which overall IT spending will likely grow in the same five-year period.

A lot of the increased investment will be on security services. This year nearly 45 percent of all cybersecurity investments will be on managed security services consulting, integration, and related services. The managed security services segment alone will generate revenues of $13 billion in 2016, IDC said in its forecast.

Private and public sector organizations will also spend heavily on software products, especially endpoint protection tools, vulnerability management products, and identity and access management software. Spending on these tools will account for 75 percent of all spending on security software, IDC said. Security hardware revenues meanwhile will reach $14 billion this year driven mainly by surging demand for unified threat management and user behavior analytics systems.

Much of the growth in security investments appears to be driven by fear. "Today's security climate is such that enterprises fear becoming victims of the next major cyberattack or cyber extortion," said Sean Pike, vice president of security products at IDC. "As a result, security has become heavily scrutinized by boards of directors demanding that security budgets are used wisely and solutions operate at peak efficiency.”

IDCs estimate for information security spending is actually slightly lower than Gartner’s forecast for 2016. According to Gartner, worldwide cybersecurity spending will top $81 billion this year or about 10 percent higher than the IDC estimate.

IT outsourcing and consulting are currently the two areas where organizations currently spend the most on security. Through the end of 2020, the highest growth will come from data loss prevention technologies, security testing products, and IT outsourcing, Gartner has predicted.

The analyst firm expects security spending to become increasingly service-oriented as organizations that are facing staffing and talent issues turn to third parties for help.

The apparent willingness by organizations to spend more on information security should remove some of the constraints that many executives claim have held them back from a better security posture.

But the fact that so many organizations continue to get hacked amid all the increased investment suggests an implementation disconnect, said Ilia Kolochenko, CEO and founder of web security firm High-Tech Bridge.

“Something is wrong here,” he said in a statement. “We cannot continuously increase our cybersecurity budget and get instantly and more frequently hacked in parallel.”

What the trend shows is that spending more does not mean spending better. Often for instance, an organization might invest in a security product because it worked for someone else. That is a mistake, he says in separate comments to Dark Reading.  “A solution that is successfully mitigating threats at [the] largest banks may be inappropriate for insurance firms, governments or SMBs.”

For all the money invested today in security, everything is effectively hacked all the time, says Jeremiah Grossman, head of security strategy at SentinelOne pointing to recent breaches at the NSA, DNC, OPM and, multiple retailers.

“Will the extra $27 billion turn things around? I doubt any security professional would bet on that outcome,” he says.

Grossman believes the only way to turn things around is by changing the incentives around cybersecurity. “The only thing I see that’s capable of turning things around is cyber-insurance, security vendors offering product warrantees, and new software liability regulations,” he says. “In infosec, we’re less dealing with an awareness issue anymore and more of economics incentives issue.”

Related stories:

 

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
ChandanaP946
50%
50%
ChandanaP946,
User Rank: Strategist
10/14/2016 | 11:47:09 AM
I agree
Fear is the biggest motivator for cybersecurity spending https://cyware.com/news/heres-how-much-businesses-worldwide-will-expend-on-cybersecurity-by-2020-2c563974
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
A Patriotic Solution to the Cybersecurity Skills Shortage
Adam Benson, Senior VP, Vrge Strategies,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12777
PUBLISHED: 2020-08-10
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
CVE-2020-12778
PUBLISHED: 2020-08-10
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
CVE-2020-12779
PUBLISHED: 2020-08-10
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script.
CVE-2020-12780
PUBLISHED: 2020-08-10
A security misconfiguration exists in Combodo iTop, which can expose sensitive information.
CVE-2020-12781
PUBLISHED: 2020-08-10
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.