WavebreakmediaMicro - Fotolia

Global infosec spending to reach £63bn in 2016, says Gartner

Although security spending is moving to detection and response, Gartner expects preventive security to continue strong growth

Global spending on information security will reach $81.6bn (£63bn) in 2016, an increase of 7.9% compared with 2015, according to research firm Gartner.

Consulting and IT outsourcing are currently the largest categories of spending on information security, but in the next four years the highest growth is expected to come from security testing, IT outsourcing and data loss prevention (DLP), according to Gartner’s latest forecast report.

Preventive security, said Gartner, will continue to show strong growth because many security practitioners continue to have a buying preference for preventive measures.

However, the research firm noted that products such as security information and event management (Siem) and secure web gateways (SWGs) are evolving to support detection-and-response approaches.

Gartner expects the SWG market to maintain its growth of 5% to 10% to 2020 as organisations focus on detection and response.

“Organisations are increasingly focusing on detection and response, because taking a preventive approach has not been successful in blocking malicious attacks,” said Elizabeth Kim, senior research analyst at Gartner. “We strongly advise businesses to balance their spending to include both.”

Security spending will become increasingly service-driven, said Kim, as organisations continue to face staffing and talent shortages.

Managed detection and response (MDR) is emerging, she said, with demand coming from organisations struggling to deploy, manage and use an effective combination of expertise and tools to detect threats, and then bring their environment back to a known good state.

This is particularly true for targeted advanced threats and insider threats. With more MDR providers emerging targeting the mid-market, Gartner foresees these services being an additional driver for security spending for both large and smaller organisations.

Firewall to drive revenue growth

According to Gartner, spending in security markets such as consumer security software, secure email gateways and endpoint protection platforms continues to show constrained growth due to commoditisation.

Gartner also expects the average selling price for firewalls to increase by at least 2% or 3% year over year until the end of 2018.

While competition among suppliers continues to put pressure on pricing, Gartner said enterprises, service providers and web-scale organisations are moving toward deploying bigger and more expensive firewalls.

As a result, Gartner said the deployment of large firewalls by cloud service providers would remain an important source of revenue growth for suppliers.

Analysts expect public cloud adoption to affect firewall spending by less than 10% until the end of 2019, but predict it will have an impact after that.

While software as a service (SaaS) adoption is growing, they said the effect on firewall spending will be limited for the next three years as cloud access security brokers continue to evolve to cover more than just SaaS, and start performing similar roles for infrastructure as a service and platform as a service.

Read more about security spending

But at the same time, firewall suppliers will also have to deal with the challenge of decrypting secure sockets layer (SSL) encryption at scale.

Half of mid-size and large organisations will add bigger, more advanced inspection-oriented features to their network firewalls by 2019, Gartner predicted. Bandwidth has been increasing, the report said, requiring larger scale, higher performing and more expensive firewalls.

In addition, organisations are looking to firewalls to consolidate other features, such as web filtering and intrusion prevention capabilities. Some are enhancing their firewalls with new content inspection features, such as malware sandboxing.

By 2018, the research firm predicted, 90% of organisations will use at least one form of integrated DLP, up from 50% currently.

According to Gartner, organisations have been deploying DLP to address regulatory compliance, intellectual property protection and data visibility and monitoring.

Newer solutions that include user entity and behaviour analytics, image analysis, machine learning and data-matching techniques are being used to augment existing solutions, the report said.

Read more on Privacy and data protection