Companies’ security budgets are increasing with the rise in cyber-attacks. 2017 should finish with a 7.6% rise in security spending, according to Gartner, standing at $90 billion.

Hacking, intrusions and ransomware are driving companies’ security budgets up: a report by Gartner revealed a 7.6% rise in 2017, with forecasts as high as $113 billion by 2020. Despite the increase in global IT budgets in 2017 being lower than anticipated – up 1.4% compared with the initial forecast of 2.7%, according to Gartner’s figures – Gartner predicts strong growth in the penetration test market. According to the report, the fastest growth will be in security services, for consulting, IT outsourcing and implementation. Spending on hardware, however, will decline, as a result of the adoption of virtual appliances, public cloud and cloud-based security software.

GDPR has caused a rise in spending

The European GDPR directive (General Data Protection Regulation), which is due to come into force in May 2018, is another reason for increased spending, in order to ensure compliance. “GDPR has caused an overall panic and unease among organizations in Europe, but will also have a global effect since multinationals will also need to adhere to the new law,” says Gartner, which predicts a jump of 7.6% in security budgets in 2018.

All companies are targeted by attacks

The high number of cyber-attacks in 2016 and 2017 and the ensuing media coverage were a wake-up call for companies of all sizes, prompting them to be vigilant and invest in IT security. And yet, according to Clusif, over 50% of companies are still spending less than 3% of their IT budget on security (source: Clusif 2016).

Gartner also noted that companies are switching from an essentially preventive security approach to detection and response. "The shift to detection and response approaches spans people, process and technology elements and will drive a majority of security market growth over the next five years," said Sid Deshpande, principal research analyst at Gartner. "While this does not mean that prevention is unimportant or that chief information security officers (CISOs) are giving up on preventing security incidents, it sends a clear message that prevention is futile unless it is tied into a detection and response capability."

Sources: Gartner