Does a 7% increase in cybersecurity spending seem like a lot to you? Or does it seem to be a low ball number for an industry that's struggling to keep up with large-scale global attacks like NotPetya and WannaCry?
What if that number transforms into $86.4 billion in cyber spending? Does that seem like a reasonable number to appropriately protect a company's most precious assets?
A recent report from Gartner predicts that cybersecurity spending will increase by 7% in 2017 to reach $86.4 billion by the end of the year, and $93 billion by 2018.
“Gartner has taken a very conservative evaluation on information security spending that it will grow by only 7%," says Joseph Carson, Chief Security Scientist at Thycotic. "I believe that the actual number will be much higher given that many aggressive regulations will come into enforcement in 2018 including the EU General Data Protection Regulation (GDPR). This will force many companies to increase spending on information security and response to avoid becoming either victims or receiving massive financial fines for failure to protect and secure."
After all, Maersk alone, one of the companies hardest hit by WannaCry, has recently reported their losses at $300 million due to the data breach. Will companies look at this and take note, preferring to spend money up front than cleaning up mess after the fact?
Gartner reports that security services such as IT outsourcing and consulting services will be the fastest growing portion of security spending, while spending on hardware support services will slow as cloud services become more popular.
A huge influence in buying decisions resides with the adoption of the EU General Data Protection Regulation (GDPR), according to Gartner. The report predicts a 65% increase through 2018 in decisions made to invest in data loss prevention.
“Organizations recognize that they cannot stand still in their information security posture, because attackers are continuing to advance in their tactics for compromising enterprise defenses. The idea of employing multiple security layers to implement defense in depth continues to be a useful approach for protecting data without relying on a single security control to work perfectly at all times. However, adding layer after layer is costly. Therefore, as enterprises consider what security mechanisms to add to their existing infrastructure, they should evaluate what gaps exist with the security mechanisms already in place," says Lenny Zeltser, Vice President of Products at Minerva.
"Organizations should understand the gaps in their security mechanisms and address them by getting the most out of their existing products and augmenting them with mechanisms that compensate for the remaining gaps,” he adds.