Enterprises across the world are expected to spend US$96.3 billion in security in 2018, an eight per cent increase from 2017.
That is according to Gartner’s latest forecast, which revealed that regulations, shifting buyer mindset, awareness of emerging threats and the evolution to a digital business strategy are some of the reasons why organisations are spending more in security.
Regulatory compliance and data privacy have been stimulating spending on security during the past three years, according to the research firm.
In Australia, the Amendment (Notifiable Data Breaches) Bill 2016 was introduced into Parliament in 2016, passing Parliament in February 2017 and set to start on 22 February 2018. Such regulations can result in increased spending.
Gartner forecasts that by 2020, more than 60 per cent of organisations will invest in multiple data security tools such as data loss prevention, encryption and data-centric audit and protections tools, up from approximately 35 percent today.
Skills shortages, technical complexity and the threat landscape will continue to drive the move to automation and outsourcing.
"Skill sets are scarce and therefore remain at a premium, leading organisations to seek external help from security consultants, managed security service providers and outsourcers," Gartner research director, Ruggero Contu, said. "In 2018, spending on security outsourcing services will total US$18.5 billion, an 11 percent increase from 2017. The IT outsourcing segment is the second-largest security spending segment after consulting."
According to the Australian Bureau of Statistics data, Australian security professionals have seen the biggest increase in the average salary. From 2011 to 2016, the average wage for an IT security specialist grew by 33 per cent, from $84,864 to $112,996. This represents a significant increase when compared to the growth from 2006 to 2011, when it went up by 8.65 per cent, from $78,104 to $84,864.
Gartner predicts that by 2019, total enterprise spending on security outsourcing services will be 75 per cent of the spending on security software and hardware products, up from 63 per cent in 2016.
A big portion of the spending is still in reactive measures rather than preventive, with security services predicted to cost enterprises US$57 million in 2018 whereas infrastructure protection expected to cost US$17 million.
"Cyberattacks such as WannaCry and NotPetya, and most recently the Equifax breach, have a direct effect on security spend, because these types of attacks last up to three years," Contu said.