Recent industry research studies provide a clear sense of what’s happening in terms of cyber security spending—and it’s probably good news for many security executives. Investments in technologies to protect data resources are going up, likely a reflection of the greater emphasis on security at the highest levels of organizations.
In October 2016 International Data Corp. (IDC) released its first Worldwide Semiannual Security Spending Guide, which forecasts worldwide revenues for security-related hardware, software and services will grow from $73.7 billion in 2016 to $101.6 billion in 2020.
The expected increase represents a compound annual growth rate (CAGR) of 8.3%, the firm says, more than twice the rate of overall IT spending growth, over the five-year forecast period.
"Today's security climate is such that enterprises fear becoming victims of the next major cyber attack or cyber extortion," noted Sean Pike, program vice president, Security Products at IDC. "As a result, security has become heavily scrutinized by boards of directors demanding that security budgets are used wisely and solutions operate at peak efficiency."
The sectors that are making the biggest investments in security solutions in 2016 will be banking ($8.6 billion), followed by discrete manufacturing, federal/central government, and process manufacturing, according to the IDC report. These four industries will account for 37% of worldwide security revenues this year and will remain the largest industries in terms of total spending throughout the five year forecast.
The industries that will see the fastest growth in security spending will be healthcare (10.3% CAGR), followed by telecommunications, utilities, state and local government, and securities and investment services. Each of these sectors will see CAGRs above 9% over the forecast period, IDC says.
What are organizations spending their money on? The largest category of investment is security-related services, which will account for about 45% of all security spending worldwide in 2016. The largest segment, managed security services, will generate estimated revenues of $13 billion this year.
Security software is next, with endpoint security, identity and access management, and security and vulnerability management software driving more than three quarters of the category's revenues. Security hardware revenues will reach $14 billion in 2016, led by purchases of unified threat management systems.
One of the fastest growing segments of the cyber security products market will be user behavior analytics software, with a CAGR of 12.2%. Managed security services will generally be the largest segment of spending among the industries making the biggest security investments.
In terms of geographic perspective, the United States will be the largest market for security products throughout the forecast period, according to IDC. In 2016, the U.S. is expected to account for $31.5 billion in security-related investments. Western Europe will be the second largest market, with revenues of nearly $19.5 billion this year, followed by the Asia/Pacific (excluding Japan) region.
Another report on security spending, released in August by Gartner Inc., forecasts that worldwide spending on information security products and services will reach $81.6 billion in 2016, an increase of 8% over 2015.
Consulting and IT outsourcing are currently the largest categories of spending on information security, the firm said. Until the end of 2020, the highest growth is expected to come from security testing, IT outsourcing and data loss prevention (DLP). Preventive security will continue to show strong growth, the firm said, as many security practitioners continue to have a buying preference for preventive measures.
Products such as security information and event management (SIEM) and secure web gateways (SWGs) are evolving to support detection-and-response approaches, and Gartner expects the SWG market will maintain its growth of 5% to 10% through 2020 as organizations focus on detection and response.
Organizations are increasingly focusing on those areas, because taking a preventive approach hasn’t been successful in blocking malicious attacks, noted Elizabeth Kim, senior research analyst at Gartner. The firm advises organizations to balance their spending to include both.
Security spending will become increasingly service-driven as enterprises continue to face staffing and talent shortages, Kim said. Managed detection and response (MDR) is emerging, with demand coming from organizations that are struggling to deploy, manage and use an effective combination of expertise and tools to detect threats.
Among other highlights from the Gartner report: the average selling price for firewalls is expected to increase by at least 2% year over year until the end of 2018; by 2018, 90% of organizations will implement at least one form of integrated DLP, up from 50% today; public cloud adoption will impact firewall spending by less than 10% until the end of 2019 but will have an impact after that; and half of midsize and large organizations will add bigger, more advanced inspection-oriented features to their network firewalls by 2019.