Enterprise cybersecurity spending will hit a high of $96.3 billion in 2018, as organizations rush to protect themselves from damaging data breaches and meet regulatory compliance requirements, according to Gartner.
The analyst firm said the figure represents an 8% increase on 2017 spending. It added that of the 53% of organizations citing security risks as the number one driver for spending, breaches were the top risk they identified.
Those stats come from a security spending study that Gartner conducted with global clients last year.
Security testing, IT outsourcing and security information and event management (SIEM) will be among the fastest-growing sub-segments next year, boosting growth in Gartner’s infrastructure protection and security services segments.
In fact, security services revenue will hit $57.7bn in first place, followed by infrastructure protection ($17.5bn) and network security equipment ($11.7bn).
The smaller segments of consumer security software ($4.7bn) and identity and access management ($4.7bn) will bring up the rear next year.
“Overall, a large portion of security spending is driven by an organization's reaction toward security breaches as more high profile cyberattacks and data breaches affect organizations worldwide," said Ruggero Contu, research director at Gartner. "Cyber-attacks such as WannaCry and NotPetya, and most recently the Equifax breach, have a direct effect on security spend, because these types of attacks last up to three years."
Regulations including the EU GDPR, HIPAA and NIST in the US, the Overseas Citizenship of India, and China’s Cybersecurity Law, are also driving spending increases in security, the analyst claimed.
Other trends include a shift towards detection and response, especially at the endpoint, and automation and outsourcing.
The latter are in part a response to chronic industry skills shortages — in fact, spending on security outsourcing will reach $18.5 billion in 2018, an 11% increase from 2017, making it the second-largest segment after consulting.
Tim Woods, vice president, technology alliances at FireMon, argued that buying in new technologies can add complexity.
“We’re reaching a breaking point in that regard,” he added. “Automation can ease some of the management burden, at least making processes more efficient. But what it really comes down to is setting and enforcing a strong policy that creates a desirable ‘end-state’ for security.”
Tripwire senior director of security research, Lamar Bailey, argued that firms should focus on the security basics.
“A solid security program focusing on foundational security will thwart around 90% of the active threats,” he claimed.