Gartner: 2016 Will Be a Banner Year for Worldwide Information Security Spending

By Steve Anderson
Contributing Writer

We all know the value of cyber security, especially in the light of all the reported major data breaches which seem to be increasing in terms of their frequency and sophistication. In reaction, according to a recent Gartner (News - Alert) study, spending of cybersecurity solutions will rise this year with some specific areas clearer beneficiaries than others.

The total worldwide spend, Gartner noted, is expected to hit $81.6 billion by the end of 2016, which represents a 7.9 percent increase over 2015's spend. Projecting outward through 2020 reveals that data loss prevention (DLP), IT outsourcing, and security testing will be the biggest potential points of gain in that time frame. IT outsourcing is also one of the biggest chunks of spending in the sector right now, alongside consulting.

Since those who practice security measures prefer preventative measures, Gartner projects that preventative security will carry on its current growth pattern for some time to come. Some more immediately protective measures like security information and event management (SIEM) and secure Web gateways (SWG) will have greater growth, as the SWG market alone will continue at a five to 10 percent growth rate through 2020. This is in large part to increased interest in detection-and-response approaches.

Gartner, senior research analyst Elizabeth Kim, noted that the increased interest in detection-and-response comes mainly from a reduced perception that preventative approaches are working to keep out attacks. That's an attitude that may harm companies down the line, Kim explained. She suggests that companies continue a balanced response in spending on both prevention and detection.

Moreover, firewall prices are expected to rise through 2018 as firewalls cover more attacks over more locations thanks to service providers and Web-scale operations stepping in. Nearly all organizations—90 percent—will have some form of DLP in place by 2018, and that's up from only half of organizations today. Finally, the increased adoption of public clouds won't have much impact on firewall spending until about 2020.

That's a lot of change coming up in the near term, but one point that seems to be going unrecognized here is encryption. Encrypting data for protection from outside attack doesn't seem to be drawing nearly as much interest as either prevention or detection methods, and that's unusual given the headlines and the countless recommendations from solutions vendors that encryption, particularly of email and attachments, is now becoming mission critical for protection. It should be a part of a complete, robust process that can better fend off outside attack by either stopping it from reaching the system, blocking it as it tries to enter the system, or making the produce of an attack useless.

The bad guys are continuing to have a very good year, and clearly what Gartner sees is that companies are adopting an approach that an ounce of prevention really is worth a pound of cure.