Press Release

Egham, UK, December 7, 2017 View All Press Releases

Gartner Forecasts Worldwide Security Spending Will Reach $96 Billion in 2018, Up 8 Percent from 2017

Security Risks Drive Growth in Overall Security Spending

Gartner, Inc. forecasts worldwide enterprise security spending to total $96.3 billion in 2018, an increase of 8 percent from 2017. Organizations are spending more on security as a result of regulations, shifting buyer mindset, awareness of emerging threats and the evolution to a digital business strategy. 

"Overall, a large portion of security spending is driven by an organization's reaction toward security breaches as more high profile cyberattacks and data breaches affect organizations worldwide," said Ruggero Contu, research director at Gartner. "Cyberattacks such as WannaCry and NotPetya, and most recently the Equifax breach, have a direct effect on security spend, because these types of attacks last up to three years." 

This is validated by Gartner's 2016 security buying behavior survey*. Of the 53 percent of organizations that cited security risks as the No. 1 driver for overall security spending, the highest percentage of respondents said that a security breach is the main security risk influencing their security spending. 

As a result, security testing, IT outsourcing and security information and event management (SIEM) will be among the fastest-growing security subsegments driving growth in the infrastructure protection and security services segments (see Table 1). 

Table 1

Worldwide Security Spending by Segment, 2016-2018 (Millions of Current Dollars)


Segment

2016

2017

2018

Identity Access Management

3,911

4,279

4,695

Infrastructure Protection

15,156

16,217

17,467

Network Security Equipment

9,789

10,934

11,669

Security Services

48,796

53,065

57,719

Consumer Security Software

4,573

4,637

4,746

Total

82,225

89,133

96,296

Source: Gartner (December 2017) 

Gartner analysts said that several other factors are also fuelling higher security spending.

Regulatory compliance and data privacy have been stimulating spending on security during the past three years, in the US (with regulations such as the Health Insurance Portability and Accountability Act, National Institute of Standards and Technology, and Overseas Citizenship of India) but most recently in Europe around the General Data Protection Regulation coming into force on 28th May 2018, as well as in China with the Cybersecurity Law that came into effect in June 2016. These regulations translate into increased spending, particularly in data security tools, privileged access management and SIEM.

Gartner forecasts that by 2020, more than 60 percent of organizations will invest in multiple data security tools such as data loss prevention, encryption and data-centric audit and protections tools, up from approximately 35 percent today.

Skills shortages, technical complexity and the threat landscape will continue to drive the move to automation and outsourcing. "Skill sets are scarce and therefore remain at a premium, leading organizations to seek external help from security consultants, managed security service providers and outsourcers," said Mr. Contu. "In 2018, spending on security outsourcing services will total $18.5 billion, an 11 percent increase from 2017. The IT outsourcing segment is the second-largest security spending segment after consulting." 

Gartner predicts that by 2019, total enterprise spending on security outsourcing services will be 75 percent of the spending on security software and hardware products, up from 63 percent in 2016. 

Enterprise security budgets are also shifting towards detection and response, and this trend will drive security market growth during the next five years. "This increased focus on detection and response to security incidents has enabled technologies such as endpoint detection and response, and user entity and behavior analytics to disrupt traditional markets such as endpoint protection platforms and SIEM," said Mr. Contu. 

Gartner analysts will further discuss where to deploy technology to add value to security, risk and privacy programs at the Gartner Identity & Access Management Summit, 5-6 March 2018 in London. Follow news and updates from the events on Twitter using #GartnerIAM

*For Editors

In the second quarter of 2016, Gartner conducted a survey to gain insights about current and planned security spending from the end-user community. A total of 512 respondents from eight countries: Australia, Canada, France, Germany, India, Singapore, the U.K. and the U.S., participated in the survey.

Gartner clients can learn more in "Forecast: Information Security, Worldwide, 2015-2021, 3Q17 Update."  

Contacts
About Gartner

Gartner, Inc. (NYSE: IT) is the world's leading research and advisory company. The company helps business leaders across all major functions in every industry and enterprise size with the objective insights they need to make the right decisions. Gartner's comprehensive suite of services delivers strategic advice and proven best practices to help clients succeed in their mission-critical priorities. Gartner is headquartered in Stamford, Connecticut, U.S.A., and has more than 15,000 associates serving clients in 11,000 enterprises in 100 countries. For more information, visit www.gartner.com.

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.