Gartner: Greater China to lead APac info-sec spending growth

Sid Deshpande, principal research analyst at GartnerGreater China's info-security spending is likely to reach US$2,796 million by the end of 2014, with the highest info-sec spending growth in the APac region at 14.9%

On 25 August, research firm Gartner announced that it forecast worldwide spending on information security to reach US$71.1 billion in 2014, thanks to the increasing adoption of mobile, cloud, social and information -- the mega trends that will likely dominate the tech scene through 2016.

According to Gartner's forecast report, titled "Forecast: Information security, worldwide, 2012-2018, 2Q14 Update," the info-sec spending this year is likely to surpass that of 2013 by 7.9 percent, with the data loss prevention being the fastest growth segment at 18.9%. Total information security spending will grow a further 8.2 percent in 2015 to reach US$76.9 billion.

While Gartner did not have country breakdowns for its IT spend data, it provided a glimpse into the region-specific data tabulated below.

Table 1. Info-security spending by region, 2014 (millions of US dollars)



Spending growth




Mature Asia/Pacific




Greater China




Emerging Asia/Pacific




Source: Gartner (August 2014)

From Table 1 above, Gartner has drawn up three regions in the Asia Pacific: Mature Asia/Pacific, Greater China, and Emerging Asia/Pacific. In 2014, the Mature APac region will take the lion's share of info-security spending at US$11,418 million, and is likely to exceed that of Emerging APac (US$1,811 million) by over six times. As for Greater China, whose info-security spending is likely to reach US$2,796 million by the end of 2014, will record the highest info-sec spending growth at 14.9%, compared to just 7.0% in Mature APac and 9.8% in Emerging APac.

According to Sid Deshpande, principal research analyst at Gartner, a key driver of Greater China's huge info-sec spending growth has been "the increased adoption of mobile, cloud, social and information."

Increased cloud-based delivery

Gartner also forecast by 2015, roughly 10% of overall IT security enterprise product capabilities will be delivered in the cloud.

A significant number of security markets are being impacted by newly emerged delivery models, said Gartner research director Lawrence Pingree. "This will result in the growth of cloud-based security services, which are transforming, to different degrees, the way security is supplied and consumed by customers."

While cloud-based services' competitive pricing puts pressure on the market, the cloud is also providing new growth opportunities, as some organizations switch from deploying on-premises products, to cloud-based services or cloud-managed products.

"Through 2015, the top areas for growth for cloud-based security in the region will be from email security, web security services, identity and access management, anti-DDOS services and Web Application Firewalls," added Deshpande.

As for the small or midsize business (SMB) segment, Gartner forecast more than 30% of SMB-targeted security controls deployed will be cloud-based by 2015.

Market disrupters

How are cloud-based services putting pressure on the market? By how much are cloud-based ones cheaper than traditional ones?

The cost effectiveness of cloud-based security services depends on the scale of the deployment and also the types of cloud services being secured. According to Deshpande, cloud-based security services have a more flexible licensing model than on premise software/hardware deployments and therefore can result in significant capital expenditure savings for adopters (for example, doing away with the need to purchase hardware and software on premise and manage it in house) and free them from the hassles of upgrade cycles.

"In cases where the cloud-based security offering is contributing to the security of a cloud application, e.g., email, it becomes easier for the buying center to embed security spending in the overall cloud application budget," Deshpande said.

Mobile security gains higher priority

Concerning mobile security, Gartner noticed a lack of penetration of security tools among users of new mobile platforms. But the analyst firm does not expect to see new demand for this type of capability to emerge before 2016.

"Most consumers do not recognize that antivirus is important on mobile devices, and therefore have not yet established a consistent practice of buying mobile device endpoint protection software," said Pingree.

"This purchasing trend and market shift away from PCs will have significant repercussions on the consumer security market. However, as mobile devices gain in mass popularity and as security is likely to be a higher priority from 2017 onward, then new market opportunities are likely to emerge."

Cloud security for mobile devices?

Will we see cloud-based security services targeting at mobile devices soon in Asia? Will cloud-based security services open a new form of security loophole in corporate IT infrastructure and via the proliferation of BYOD?

"Increased adoption of mobility initiatives, particularly BYOD, is a driver for the growth of cloud-based security services," Deshpande told Computerworld Hong Kong. "Cloud-based security offerings, when applied to unmanaged mobile devices (i.e. those that are not controlled by enterprise IT), are a viable way for IT security teams to regain visibility and control over user behavior."

As per Gartner's 2014 CIO survey, cloud and mobility are the top two new investment areas for CIO's in Asia/Pacific -- "therefore the time is ripe for cloud-based security offerings to provide security for these new modes of IT deployment," Deshpande said.

"Large enterprises (particularly those in highly regulated industries) often adopt a conservative approach towards cloud-based security services," he added. "However, for organizations that are using a lot of cloud-based applications already -- such as email, collaboration, internet facing web applications, etc., cloud-based security services may actually be a better and more scalable way to secure their online assets."

Join the CSO newsletter!

Error: Please check your email address.

Tags Gartnersecurity

More about Gartner

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Carol Ko

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place