Cyber Security spend to rocket 38 per cent by 2020 - but are we any safer?
IDC report shows rising security spend over next 4 years, but will business be any better off? We take a look at the repercussions behind the predictions.
A new report into cyber security spend by International Data Corporation (IDC) reckons that overall spend on security hardware, software and services will increase an impressive 38 per cent by 2020.
In context, the prediction is that global spend in 2016 will hit $73.7 billion, which will subsequently leap to $101.6 billion by the start of the next decade - a compound annual growth rate of 8.3 per cent, more than twice the rate of spending in IT overall.
Security-related services will account for 45 per cent of spending worldwide this year with managed security services leading the way with revenues of $13 billion, the company said. Software spending will come in second, followed by security hardware revenues of $14 billion.
Researchers pointed to a climate of fear driving the investments, fuelled by a long line of destructive hacks and data breaches affecting household names and brands - the most recent being Yahoo’s half-billion breach of course.
“Today’s security climate is such that enterprises fear becoming victims of the next major cyberattack or cyber extortion,” said Sean Pike, the vice president of security products at IDC. “As a result, security has become heavily scrutinized by boards of directors demanding that security budgets are used wisely and solutions operate at peak efficiency.”
Wise use of security budgets is of course a sensible step, although there’s a serious question around effectiveness if the growth rate is more than double that of ‘normal’ IT. IDC’s sector growth allocations provide some clue here though, predicting that the banking vertical will spend $8.6 billion, followed by discrete manufacturing, government and process manufacturing. These four industries account for 37 per cent of global security revenues this year, and will maintain the lion’s share of spend through to the next decade, according to the IDC report.
However, other industry verticals are racing to catch up in this uneven race, with healthcare (10.3 per cent CAGR), followed by telecommunications, utilities, state/local government, and securities and investment services all hitting CAGRs above 9.0 per cent over the period.
As Ilia Kolochenko, CEO of High-Tech Bridge, recently told the Financial Times Cybersecurity Summit in London: “Something is wrong here: we cannot continuously increase our cybersecurity budget and get instantly and more frequently hacked in parallel.”
He went on to point out that too often “companies spend their budgets on new technologies, before conducting holistic and comprehensive risk (re)assessment in order to understand which risks and threats they need to mitigate and in which priority. Cybersecurity management is not rocket science.”
So what is the solution to rising cybersecurity costs? Sadly, it’s often unsexy - more about hard work, planning and internal resource management than simply buying in the latest magic box. As noted above, while any board doing due diligence will want to see measurable benefits to security investment, delivering this doesn’t have to run contrary to common sense.
By taking a best-practice approach to security management - via a comprehensive inventory and holistic risk assessment initially, then an RFP and finally an evaluation and continuous monitoring stage - most businesses can expect to control their spend far more effectively.