Cyber Security Spending Is Going Up And Here’s Why

As the threat landscape intensifies, Gartner is projecting global cyber security spending to increase 8% in 2018, to $96.3 billion.

Analysts believe the surge is due to a number of factors, a few of which include the sheer number of breaches, anxiety about said breaches and emerging technology to detect threats and handle incidents in real time. The latter is one silver lining in a space where thieves are both malicious and tireless.

Further reasons for the boost in cyber security spending include looming regulations, buyer mindset and the ongoing “digital transformation” efforts undertaken at the enterprise level. As such, enterprise security practitioners must be privy to threats, solutions and the trajectory of the space as a whole.

Ruggero Contu, research director at Gartner, attributed much of the spending to organizational response to mega-breaches, affecting top-tier companies like A.P. Moller-Maersk, FedEx, Equifax, etc. Contu added that the high-profile attacks are particularly troubling because their residual effects could linger for up to three years.

Gartner conducted a survey in Q2 of 2016, with 512 respondents from eight countries, which helped elucidate these buying behavior figures. What’s more, 53% of respondents cited security risks as the top concern and catalyst for security spending.

See Related: Rattling DevOps Could Patch Cyber Security Gaps

Because of this consistent fear, enterprises have outsourced their IT, and security information and event management (SIEM) has rooted itself in the space. These sub-segments are growing the security services and infrastructure fields.

Regulatory compliance is another hot-button issue, as enterprises have significantly increased their spending to adhere to various measures – each of which could spell financial doom for small and midsize enterprises (SME) and large enterprises. Related measures driving further compliance (and thus tools, consulting) include the Health Insurance Portability and Accountability Act (HIPAA) and the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) – a revision of which is currently being deliberated.

Elsewhere, rigid measures include: the General Data Protection Regulation (GDPR), which goes into effect May 28, 2018 and can hand down steep fines to any enterprise which handles data from citizens inside the European Union (EU), along with China’s 2016 “Cyber Security Law.”

See Related: 'Tech Won't Run Itself': Analyzing Cyber Security's Talent Crisis

Those affected by the regulations typically seek out data security tools and invest in privileged access management and SIEM.

The same report suggests that by 2020, over 60% of organizations will invest in multiple data security tools (encryption, auditing, etc.), which is up from its current figure of 35%.

Consulting and outsourcing remain strong players in the global spend moving forward, as the industry grapples with its skills gap and pushes toward third-party providers and automation.

Gartner also projects that outsourcing will account for $18.5 billion in 2018, up 11% from 2017.

As mentioned, additional subsets experiencing growth include threat detection and incident response, which are resulting in a sort of seismic shift in the market. Users are seeking endpoint detection capabilities, along with various analytics resources.

As previously reported by CSHub, a Grand View Research report indicated that the threat intelligence market alone is anticipated to reach $12.6 billion by 2025. That comes at a compound annual growth rate (CAGR) of 17.4% over eight years.