While there’s no absolute correlation between the amount of money allocated and the level of IT security achieved it’s been clear to everyone for some time that IT security initiatives inside most organizations have been fully funded. But a new IT security spending forecast from International Data Corp. (IDC) suggests that’s finally about to change.
IDC is forecasting that worldwide spending on security-related hardware, software, and services will increase from from $73.7 billion in 2016 to $101.6 billion in 2020. That forecast represents a compound annual growth rate (CAGR) of 8.3 percent, which IDC notes is more than twice the rate of overall IT spending growth over that same five-year forecast period.
IDC says security-related services, which will account for nearly 45 percent of all security spending worldwide in 2016; with the largest segment of that spending involving managed security services that IDC is forecasting will generate revenues of $13 billion this year.
IDC says security software will be the second largest category in 2016, with endpoint security, identity and access management, and security and vulnerability management software driving more than 75 percent of the category's revenues. IDC also identifies user behavior analytics software with a compound annual growth rate of 12.2 percent.
Finally, IDC says security hardware revenues will reach $14.0 billion in 2016, led by purchases of unified threat management systems.
IDC also identifies where all that IT security spending is coming from. The industries making the largest investments in security solutions in 2016 will be banking ($8.6 billion), followed by discrete manufacturing, federal/central government, and process manufacturing. These four industries will deliver 37% of worldwide security revenues this year as well as through the next five years, says IDC.
The industries that will see the fastest growth in their security investments will be healthcare (10.3% CAGR), followed by telecommunications, utilities, state/local government, and securities and investment services. IDC says each of these industries will witness compound annual growth rates above 9 percent over the next five years.
Add it all up and it’s clear that in terms of new budget allocations organizations of all sizes are ratcheting up investments in IT security. In fact, multiple surveys at this point suggest that in the face of attacks that are increasing in both volume and sophistication IT security by a wide margin is now the highest spending priority for most organizations.
For IT security professionals that increased level of spending represents both an opportunity to better defend their organizations and validation. IT security professionals have been warning about the perils of underfunding IT security for years. Now that the consequences of that lack of funding are become apparently to all, IT security has become a board level concern inside most organizations. Spurred on by more stringent regulations and it’s clear that IT security budgets will soon be a distinct line item inside most organizations that often exists outside the rest of the IT budget.
Business leaders may not like being required to allocate more dollars to IT security. After all, IT security doesn’t generate the same kind of return on investment as new application. But as the financial costs associated with IT security breaches continues to rise those same business leaders are finally coming to terms with the fact there is a direct correlation between inadequate IT security and the costs the business will absorb once that all but inevitable IT security breach occurs.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot.Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.