Regulation and impact of cyber attacks driving security spending

Awareness of the impact of cyber attacks on business, together with regulation, is expected to be the top driver of continued and increased spending on cyber security, according to research firm Gartner.

Worldwide spending on information security products and services will reach $86.4bn in 2017, an increase of 7% compared with 2016, predicts Gartner.

Security spending in 2018 is expected to grow by just over 7% to $93bn, mainly due to growing awareness among business leaders of the potential impact of cyber attacks on the business and of new data protection regulations, according to the firm’s latest forecast.

Within the infrastructure protection segment, Gartner forecasts fast growth in the security testing market, albeit from a small base.

This growth is due to continued data breaches and growing demands for application security testing as part of the DevOps approach organisations are embracing to harness the power of digital technology.

Spending on emerging application security testing tools, particularly interactive application security testing (IAST), will contribute to the growth of this segment in the next five years, said Gartner.

Security services is expected to continue to be the fastest growing segment, especially IT outsourcing, consulting and implementation services.

However, Gartner said hardware support services will see growth slowing, due to the adoption of virtual appliances, public cloud and software as a service (SaaS) editions of security products, which reduces the need for attached hardware support overall.

“Rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape have led to continued spending on security products and services,” said Sid Deshpande, principal research analyst at Gartner.

“However, improving security is not just about spending on new technologies because, as seen in the recent spate of global security incidents, doing the basics right has never been more important,” he said.

According to Deshpande, organisations can improve their security posture significantly just by addressing basic security and risk related hygiene elements like threat-centric vulnerability management, centralised log management, internal network segmentation, backups and system hardening.

One assumption underlying the forecast is that the EU General Data Protection Regulation (GDPR) has created renewed interest in data security, and will drive 65% of data loss prevention buying decisions today through 2018.

According to Gartner, the GDPR has caused an overall panic and unease among organisations in Europe, and will also have a global effect because multinationals will need to adhere to the new law.

Organisations looking at investment

While organisations are working towards strengthening their knowledge of the regulation, those with some form of data loss prevention (DLP) already implemented are determining what additional capabilities they need to invest in, specifically integrated DLP such as data classification, data masking and data discovery. Organisations that do not already have strong DLP in place are looking to increase their capabilities, said Gartner.

Another assumption underlying the forecast is that by 2020, 40% of all managed security service (MSS) contracts will be bundled with other security services and broader IT outsourcing (ITO) projects, up from 20% today.

To deal with the complexity of designing, building and operating a mature security program in a short space of time, Gartner said many large organisations are looking to security consulting and ITO providers that offer customisable delivery components that are sold with the MSS.

According to Gartner, as ITO providers and security consulting firms improve the maturity of the MSS they offer, customers will have a much broader range of bundling and service packaging options through which to consume MSS offerings. Gartner predicts that the large contract sizes associated with ITO and security outsourcing deals will drive significant growth for the MSS market until 2020.