It seems as though CISOs and CSOs are constantly battling with challenges, whether it’s newly discovered threats and vulnerabilities, growing demand for cyber security skills and not enough qualified people to deliver them, complaints from business users about disruptive security tools, or some other issue,
Here’s some news that might provide a bit of optimism for security executives: recent industry research shows that many organizations are planning to increase their spending on cyber security efforts.
On the one hand, this development should not be surprising. Data breaches and other attacks have received a huge amount of attention and media coverage over the past few years, which has put cyber security and threats in the spotlight and created a sense of urgency for bolstering defenses.
On the other hand, getting adequate funding for security technology investments often seems to be a struggle, in part because security is not viewed as being of strategic importance to organizations.
In any case, research shows that organizations apparently are opening the vaults at least to some extent to help strengthen their security posture.
Research and news site Tech Pro Research in July and August 2017 surveyed IT professionals about their companies' 2018 budgets. Among the key findings from the report were that more than half of the respondents (53%) said improving security will be a top budgetary priority for their organization in 2018.
That’s higher than the 47% who said their company will be prioritizing hardware purchasing and 43% who said their organization will place priority on cloud services.
In a report released in August 2017, research firm Gartner Inc. said worldwide spending on information security products and services will reach $86.4 billion in 2017, an increase of 7% over 2016.
Spending is expected to grow to $93 billion in 2018, according to the Gartner forecast. Within the infrastructure protection segment of the market, the firm predicts rapid growth in the security testing market, due to continued data breaches and growing demands for application security testing as part of DevOps initiatives.
Organizations’ spending on emerging application security testing tools, particularly interactive application security testing (IAST), will contribute to the growth of this segment through 2021.
Security services will continue to be the fastest-growing segment of the market, Gartner said, especially IT outsourcing, consulting and implementation services. But hardware support services will see a slowdown in growth, due to the adoption of virtual appliances, public cloud, and software-as-a-service (SaaS) editions of security applications, all of which reduce the need for hardware support overall.
Gartner principal research analyst Sid Deshpande credits rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape for the growth in spending on security products and services.
Another report, by research firm Markets and Markets, said the cyber security market is expected to grow from $137.85 billion in 2017 to $231.94 billion by 2022, at a compound annual growth rate (CAGR) of 11%. The major forces driving the cyber security market include strict data protection directives and cyber terrorism, the study said.
The market is also growing rapidly because of the growing security needs of Internet of Things (IoT) and bring your own device (BYOD) trends, and increased deployment of Web and cloud-based business applications. Demand for application security solutions is on the rise as the emergence of IoT and BYOD has connected large numbers of devices and applications via the Internet.
The application security segment is expected to see the highest CAGR in the global cyber security market during the period of 2017–2022. North America is estimated to account for the largest market share in 2017.
The adoption of security solutions is expected to be the highest in the aerospace and defense vertical, according to Markets and Markets. The government, banking, financial services and insurance, and IT and telecom verticals are expected to gain traction during the forecast period.
Despite these optimistic forecasts for increased spending, security and IT executives need to be vigilant in their efforts to educate their superiors about the need to bolster cyber security infrastructures. Far too many data breaches and other attacks have been orchestrated in recent years, and there is no sign that this will slow down in the months to come.
Executives also have to make sure they’re spending on the right technologies. Throwing money at products and services that don’t address the relevant threat vectors or protect data will not lead to stronger security.