Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

10/13/2016
04:20 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Information Security Spending Will Top $101 Billion By 2020

Spending on security services will drive much of the growth, IDC says in new forecast

Security executives often blame a lack of budget for their inability to stay on top of existing and emerging threats. But recent trends in security spending suggest that they would have less of an argument for doing so over the next few years.

In 2016, organizations around the world will spend a record-breaking $73.7 billion on cyber security measures. By 2020 that number will jump to over $101 billion at a compound annual growth rate of 8.3 percent, according to newly released estimates from IDC.

For perspective, the projected growth in security spending is more than double the rate at which overall IT spending will likely grow in the same five-year period.

A lot of the increased investment will be on security services. This year nearly 45 percent of all cybersecurity investments will be on managed security services consulting, integration, and related services. The managed security services segment alone will generate revenues of $13 billion in 2016, IDC said in its forecast.

Private and public sector organizations will also spend heavily on software products, especially endpoint protection tools, vulnerability management products, and identity and access management software. Spending on these tools will account for 75 percent of all spending on security software, IDC said. Security hardware revenues meanwhile will reach $14 billion this year driven mainly by surging demand for unified threat management and user behavior analytics systems.

Much of the growth in security investments appears to be driven by fear. "Today's security climate is such that enterprises fear becoming victims of the next major cyberattack or cyber extortion," said Sean Pike, vice president of security products at IDC. "As a result, security has become heavily scrutinized by boards of directors demanding that security budgets are used wisely and solutions operate at peak efficiency.”

IDCs estimate for information security spending is actually slightly lower than Gartner’s forecast for 2016. According to Gartner, worldwide cybersecurity spending will top $81 billion this year or about 10 percent higher than the IDC estimate.

IT outsourcing and consulting are currently the two areas where organizations currently spend the most on security. Through the end of 2020, the highest growth will come from data loss prevention technologies, security testing products, and IT outsourcing, Gartner has predicted.

The analyst firm expects security spending to become increasingly service-oriented as organizations that are facing staffing and talent issues turn to third parties for help.

The apparent willingness by organizations to spend more on information security should remove some of the constraints that many executives claim have held them back from a better security posture.

But the fact that so many organizations continue to get hacked amid all the increased investment suggests an implementation disconnect, said Ilia Kolochenko, CEO and founder of web security firm High-Tech Bridge.

“Something is wrong here,” he said in a statement. “We cannot continuously increase our cybersecurity budget and get instantly and more frequently hacked in parallel.”

What the trend shows is that spending more does not mean spending better. Often for instance, an organization might invest in a security product because it worked for someone else. That is a mistake, he says in separate comments to Dark Reading.  “A solution that is successfully mitigating threats at [the] largest banks may be inappropriate for insurance firms, governments or SMBs.”

For all the money invested today in security, everything is effectively hacked all the time, says Jeremiah Grossman, head of security strategy at SentinelOne pointing to recent breaches at the NSA, DNC, OPM and, multiple retailers.

“Will the extra $27 billion turn things around? I doubt any security professional would bet on that outcome,” he says.

Grossman believes the only way to turn things around is by changing the incentives around cybersecurity. “The only thing I see that’s capable of turning things around is cyber-insurance, security vendors offering product warrantees, and new software liability regulations,” he says. “In infosec, we’re less dealing with an awareness issue anymore and more of economics incentives issue.”

Related stories:

 

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
ChandanaP946
50%
50%
ChandanaP946,
User Rank: Strategist
10/14/2016 | 11:47:09 AM
I agree
Fear is the biggest motivator for cybersecurity spending https://cyware.com/news/heres-how-much-businesses-worldwide-will-expend-on-cybersecurity-by-2020-2c563974
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2019-2222
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...