According to Gartner’s latest forecast, spending on information security and risk management products and services will grow 11.3 percent to reach more than $188.3 billion in 2023.
As organisations increase their focus on ESG, third-party risk, cyber-security risk and privacy risk, Gartner predicts that the integrated risk management (IRM) market will show double-digit growth through 2024, until greater competition results in cheaper solutions.
Security services, including consulting, hardware support, implementation and outsourced services, are the largest category of spending, at almost $72 billion in 2022 and expected to reach $76.5 billion in 2023.
Three key drivers
Gartner said it has identified three key drivers behind market spend. Firstly, the demand for technologies that enable a secure remote and hybrid work environment, which will increase beyond 2022. Secondly, the rise of zero trust network access (which is forecast to grow by 31 percent in 2023), driven by the increased demand for zero trust protection for remote workers and by organisations reducing their dependence on VPNs for secure access. Thirdly, a shift to cloud-based delivery models.
Due to multi-cloud environments, organisations face increased security risks as well as the complexity of operating and managing multiple technologies. Gartner’s analysts believe this will lead to a push toward cloud security and the market share of cloud-native solutions will grow.
The threat landscape
Michael Smith, CTO, Neustar Security Services, offers the following statement: “The threat landscape has evolved significantly. While many organisations have strengthened their defences and improved their backup and recovery measures, cyber extortionists have responded by developing new strains of malware and implementing more complex methods of attack.”
“Given the rapid pace of change we have witnessed over the past two years, businesses are starting to realise how exposed they are. As Gartner’s report suggests, there has been a major shift to cloud-based delivery models or multi-cloud environments, increased remote and hybrid capabilities, which, in turn, introduces a whole new host of devices and systems to companies’ networks, which have been placed under tremendous strain for quite some time – with added network complexity comes increased risk and exposure.”
The investment growth
Smith adds, “This investment growth clearly indicates that leaders are starting to review their current security technologies and the mitigation plans that they have in place to protect their infrastructure.”
“They will have to rapidly operationalise their investments if they are looking to deliver time to value and keep up with the accelerated rate of change we have witnessed since the start of the pandemic – especially if they are looking to stay ahead of the more dangerous threats and attack methods that are emerging.”
“Ransomware attacks continue to be among the most widespread and disruptive cyber threats faced by enterprises, but the attack vector is shifting. All organisations should be committed to best current practices (BCPs) and know that they are responsible for their customers’ data.”
Layered defences
Smith further adds, “Cyber security experts consistently (and rightly) call for layered defences — including regular backups, reliable updating and patching of all software and systems and employee education — but the shifting threat landscape is making the need for early detection even more critical.”
“Changes in extortionists’ behavior mean that internal security teams now need to prioritise an even broader range of prevention and mitigation measures.”