In their latest research report, Gartner has forecast that global security and risk management spending growth is slowing, with the overall market only propped up by short term demand for cloud and remote worker security.
Information security spending will grow by 2.4% in 2020 to reach $123.8 billion. This is a lot lower than the 8.7% growth Gartner predicted in its December 2019 forecast.
The coronavirus pandemic has slowed economic activity around the world and inevitably has had an effect on the security market. However, growth has been slowing for a while. The only area to show significant growth over the last year is cloud security which has grown by a third. In contrast the market for network security equipment has slumped by 12.6%.
The need to service remote workers, whose numbers have increased vastly during the pandemic, has helped to hold the market up. This has involved many businesses going through extremely fast transformations to put in place home working capabilities for staff.
However as Piers Wilson, Head of Product Management at Huntsman Security points out, this has also meant that security processes, system maintenance security audits and even front-line security operations have been disrupted. “As a result, the number of endpoints and the number of systems where data is stored has increased, whilst organisations’ focus has potentially been on getting people online rather than making sure all these new systems are totally secure.”
The pandemic lockdown has caused a huge recession and belts are being tightened everywhere. This includes spending on security which is likely to be lower than planned. And according to Piers Wilson this is creating a perfect storm for increasing the risk of breaches in the near future. “Internal audits, consultancy projects and third party assurance activities have all been delayed.”
Remote working along with the many scams that use COVID-19 as a hook are increasing cyber security threat levels. But the risk and regulatory expectations have not lessened and controls still need to be robust.
Keeping cyber safe during the pandemic
Amanda Finch, CEO of the Chartered Institute of Information Security Professionals (CIISec) points out that “with a tightening of purse strings security teams will need to do more with less. That might mean automating key business processes or relying on upstream service providers who can provide essential capabilities more cost-effectively.”
However, these approaches can also extend an organisations attack surface, opening them up to further risks. Security teams will therefore need to develop creative new ways to close off these risks.
Amanda Finch points out that this may be as simple as increased collaboration, as security researchers work together online to share potential threats and processes. But it could also mean automating as many security processes as possible, while still keeping an essential level of human decision that removes the ability of attackers to predict and identify weaknesses.
Whatever solution is employed, the secret will be vigilance. Businesses must ensure they are monitoring IT and OT systems closely for potential breaches. And they must ensure that when attacks are discovered they can respond quickly and avert further disruption to their organisations. This means that they must have sufficient visibility of the operation of security controls in both their own networks and across their supply chains.
Piers Wilson puts it like this: “It might look as though things have quietened down from a cybersecurity perspective compared to the beginning of the pandemic, but the fact is that the risk is as high today as it was 3 months ago – if not higher. Businesses must continue to keep systems secure as a priority.”
Gartner’s coronavirus resource center contains a collection of complimentary research and webinars to help organizations respond, manage and prepare for the rapid spread and global impact of COVID-19.
Main image courtesy of iStockPhoto.com