Worldwide spending on information security products and services will reach $86.4 billion in 2017, an increase of 7 per cent over 2016, with spending expected to grow to $93 billion in 2018, according to the latest forecast from Gartner, Inc.
Within the infrastructure protection segment, Gartner forecasts fast growth in the security testing market (albeit from a small base) due to continued data breaches and growing demands for application security testing as part of DevOps. Spending on emerging application security testing tools, particularly interactive application security testing (IAST), will contribute to the growth of this segment through 2021.
Security services will continue to be the fastest growing segment, especially IT outsourcing, consulting and implementation services. However, hardware support services will see growth slowing, due to the adoption of virtual appliances, public cloud and software as a service (SaaS) editions of security solutions, which reduces the need for attached hardware support overall.
“Rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape have led to continued spending on security products and services,” said Sid Deshpande, principal research analyst at Gartner.
“However, improving security is not just about spending on new technologies. As seen in the recent spate of global security incidents, doing the basics right has never been more important. Organisations can improve their security posture significantly just by addressing basic security and risk related hygiene elements like threat centric vulnerability management, centralised log management, internal network segmentation, backups and system hardening,” said Mr Deshpande.
Other assumptions behind Gartner’s latest information security market forecast include:
The EU General Data Protection Regulation (GDPR) has created renewed interest, and will drive 65 per cent of data loss prevention buying decisions today through 2018.
The GDPR has caused an overall panic and unease among organisations in Europe, but will also have a global effect since multinationals will also need to adhere to the new law. While organisations are working toward strengthening their knowledge of the regulation, those with some form of data loss prevention (DLP) already implemented are determining what additional capabilities they need to invest in (specifically, integrated DLP such as data classification, data masking and data discovery). In addition, organisations that do not already have strong DLP in place are looking to increase their capabilities.
By 2020, 40 per cent of all managed security service (MSS) contracts will be bundled with other security services and broader IT outsourcing (ITO) projects, up from 20 per cent today.
To deal with the complexity of designing, building and operating a mature security programme in a short space of time, many large organisations are looking to security consulting and ITO providers that offer customizable delivery components that are sold with the MSS. As ITO providers and security consulting firms improve the maturity of the MSS they offer, customers will have a much broader range of bundling and service packaging options through which to consume MSS offerings. The large contract sizes associated with ITO and security outsourcing deals will drive significant growth for the MSS market through 2020.
By 2021, more than 80 per cent of large businesses in China will deploy network security equipment from a local vendor.
China’s recently approved cybersecurity law will contribute to further displacement of US-manufactured network security products with local Chinese vendors. Despite an increase of 24 per cent in 2016, Gartner expects end-user spending growth in Asia/Pacific to return to single-digit yearly growth from 2018 onward, as a result of a decline in average selling prices, due to the more competitive pricing of Chinese solutions.
More detailed analysis is available to Gartner clients in “Forecast Analysis: Information Security, Worldwide, 1Q17 Update” and “It’s Time to Align Your Vulnerability Management Priorities With the Biggest Threats.”