A number of factors are creating a greater sense of urgency for IT security efforts at many organizations. High-profile data breaches, increased online transactions, existing and emerging regulatory mandates, increasingly sophisticated attacks and other factors are forcing business leaders to make data protection a higher priority than it has been.
With this post, we’re kicking off a series of articles about signs of how cyber security has become an important consideration of doing business for companies and consumers alike. As enterprises of all kinds continue to transform into “digital businesses”, security is taking center stage as a key part of day-to-day operations.
That’s not to say cyber security hasn’t been important up to now; in fact it’s been a top priority for CIOs and other technology leaders for years. But it seems as if security is reaching the upper heights of the “hype cycle”, with no real signs that it will lose momentum any time soon. Industry experts say this is not a bad thing.
“The silver lining to high-profile breaches that have occurred is that there is a new sense of urgency that is translating into security vigilance from the top down, forcing businesses to prioritize and make data security business-as-usual,” says Stephen Orfei, general manager of the Payment Card Industry Security Standards Council.
“Prevention, detection and response are always going to be the three legs of data protection,” Orfei says. “Better detection will certainly improve response time and the ability to mitigate attacks, but managing the impact and damage of compromise comes down to preparation, having a plan in place and the right investments in technology, training and partnerships to support it.”
Indeed, one of the best indicators that companies are emphasizing security more is an increase in spending, and a couple of recent reports from two of the leading IT research firms predict a rising level of investment on security technologies.
One study, from Gartner Inc., predicts that worldwide information security spending will grow 4.7% to reach $75.4 billion this year . This comes at a time when total IT spending worldwide has been steady, not growing at as fast a rate as security technology.
Gartner says the increase in spending is being driven by government initiatives, increased legislation and high-profile data breaches, such as those launched against Home Depot, Anthem, Sony Pictures Entertainment and Target.
Security testing, IT outsourcing and identity and access management offer the biggest growth opportunities for technology providers, according to the report. "Interest in security technologies is increasingly driven by elements of digital business, particularly cloud, mobile computing and now also the Internet of Things, as well as by the sophisticated and high-impact nature of advanced targeted attacks," said Elizabeth Kim, research analyst at Gartner.
This focus is driving investment in emerging offerings such as endpoint detection and remediation tools, threat intelligence and cloud security tools, such as encryption, Kim said.
Another research report, by International Data Corp. (IDC), shows that sales of security appliance products are on the rise. According to the Worldwide Quarterly Security Appliance Tracker, both factory revenues and unit shipments continued to grow in the first half of 2015.
Worldwide vendor revenues increased 9.6% year over year to $4.9 billion, the study says, and volume shipments expanded to 1.1 million and grew 8.8% year over year. For the second quarter of 2015, worldwide vendor revenues rose 12.2% year over year to $2.6 billion, marking the 23rd consecutive quarter of revenue growth. Shipments increased 10.6% year over year for the seventh straight quarter of volume growth, ending the second quarter at 567,388 units shipped.
Due in part to its higher threat profile, the United States market continued to be the largest for security appliances, IDC says, accounting for 41% of worldwide revenues in the second quarter of 2015 with 17.8% year-over-year growth.
Cyber crime remains a growing global problem and attacks against critical and sensitive services or systems that leads to massive data leaks continue to have far-reaching effects, notes Ebenezer Obeng-Nyarkoh, senior research analyst, Worldwide Trackers Group at IDC.
“Because there are so many ingenious ways into a network, having sophisticated cyber security measures is not the end game of a defensive prevention strategy," Obeng-Nyarkoh says. "The key is faster identification and prevention, and this is why in the last seven consecutive quarters the deployment of intrusion detection and prevention solutions have been gaining traction.”
These are just two industry reports on the cyber security market. But they clearly show the impact of recent security incidents on companies’ willingness to invest more in tools and services to better protect information assets.