Gartner has projected that worldwide spending on information security and risk management technology and services will grow just 2.4% this year, well below the 8.7% growth it had estimated just a few months ago.
The Covid-19 pandemic had disrupted supply chains and production across the world, forcing organisations, whether large or small, to limit their spending to survive until the crisis is over and normalcy returns. Unfortunately, the significant impact of the pandemic on business revenues across the world has impacted cyber security spending as well.
According to Lawrence Pingree, managing vice president at Gartner, a reduction of growth in both security software and services will take place during 2020 but at the same time, the pandemic is driving short-term demand in areas such as cloud adoption, remote worker technologies and cost-saving measures. Demand for these services will keep cyber security spending in the green for the rest of the year.
While worldwide spending on information security and risk management technology and services will not contract, the growth in sectoral spending will be incremental at best with the overall spending rising from $120.9 billion in 2019 to $123.8 billion in 2020.
For instance, spending on infrastructure protection will increase from $1.65 billion to $1.74 billion, spending on security services will increase from $61.9 billion to $64.2 billion, spending on cloud security will rise from $439 million to $545 million, and spending on identity access management solutions will increase from $9.8 billion to $10.4 billion. Spending on network security equipment, however, is expected to contract from $13.3 billion in 2019 to $11.6 billion this year.
Noting that cloud-based delivery models have reached well above 50% of the deployments in markets such as secure email and web gateways, Gartner added that the ongoing shift to a cloud-based delivery model makes the security market somewhat more resilient to a downturn, with an average penetration of 12% of overall security deployments cloud-based in 2019.
According to Amanda Finch, CEO of Chartered Institute of Information Security Professionals (CIISec), the slowdown was to be expected as organisations have tightened their belts to get through this indeterminate period of reduced activity. “While it’s positive to see some continued growth throughout 2020 – however small – a recession is still seemingly inevitable given the economic damage the virus has already caused.
“Budgets will be stretched even tighter in the near future and cutbacks in some sectors will be brutal; simultaneously, this won’t stop attackers who will see this as a golden opportunity. As such, with this tightening of purse strings security teams will need to do more with less. That might mean automating key business processes, or relying on upstream service providers who can provide essential capabilities more cost-effectively.
“However, as these approaches can also open new avenues for attackers, security teams will need to develop creative new ways to shut down these opportunities. This may be as simple as increased collaboration, as security researchers use new ways to share potential threats and processes – especially as chances to meet in-person are likely to become rarer. Or it may mean automating as many security processes as possible, while still keeping an essential level of human decision that removes the ability of attackers to predict and identify weaknesses,” she adds.