Enterprise security and risk management spending will total US$1.7 billion in 2020, an increase of 10.7% from 2019, according to a recent forecast by Gartner, Inc.
“The double-digit growth is a reflection of how organizations are coming up to speed with their global counterparts in adopting information security and risk management solutions,” said Sam Olyaei, research director at Gartner. “More importantly, an evolving threat landscape and the advent of digital transformation is forcing local security and risk leaders to re-evaluate their spending priorities.”
Security services and network security continue to be the top two security and risk management spending priorities for CISOs. Both segments will account for 66% of total security and risk management spending in 2020 (see Table 1).
Table 1
Enterprise Information Security and Risk Management End User Spending by Segment, 2019-2021 (Millions of U.S. Dollars)
Segment | 2019 | 2020 | 2021 |
Application Security | 40 | 44 | 48 |
Cloud Security | 8 | 15 | 26 |
Data Security | 57 | 72 | 92 |
Identity Access Management | 146 | 161 | 178 |
Infrastructure Protection | 227 | 255 | 285 |
Integrated Risk Management | 30 | 33 | 36 |
Network Security | 315 | 341 | 368 |
Other Information Security Software | 27 | 28 | 30 |
Security Services | 755 | 828 | 902 |
Total | 1,604 | 1,776 | 1,965 |
Due to rounding, figures may not add up precisely to the totals shown.
Source: Gartner (October 2019)
Managed Security Services includes services that involve security processes such as monitoring, detection, and response. “We continue to see a pervasive shortage of talent in the region, especially as it relates to tactical functions, and this has pushed leaders to leverage managed security service providers (MSSPs) and other consultants to manage their operational capabilities,” said Mr. Olyaei.
Despite smaller levels of spending, cloud security and data security will continue to remain the fastest growing segments for enterprise security and risk management spending. A shift to a cloud-first strategy remains a priority, especially as major cloud service providers set up shop in Asia.
The growing spending in security and risk management also showed that it has become a boardroom priority locally. CISOs are seeking to improve their communication with the board of directors who have more visibility on security, threats and vulnerabilities than ever. “Simply put, executives are beginning to realize the true business impact of cybersecurity,” said Mr. Olyaei. “It is no longer a matter of if, but when and executives are demanding that their leaders continue to facilitate business outcomes”