A recent story in CSO highlights the disparity between “information security” (a.k.a. IT security) and “cybersecurity” — namely total spending and market growth.
Gartner, the leading IT analyst firm, puts the global “information security” market at $86.4 billion USD in 2017 and growing by 7 percent to $93 billion USD in 2018.
The Gartner figures, a subset of “cybersecurity,” do not include large swaths of the cybersecurity market (which are converging with IT) — including IoT security, ICS security, automotive security, medical device security, and others.
Global spending on “cybersecurity” products and services, including “information security” will exceed $1 trillion cumulatively from 2017 to 2021 — and will grow by 12 to 15 percent year over year — according to a report from Cybersecurity Ventures.
“IT analyst forecasts are unable to keep pace with the dramatic rise in cybercrime, the ransomware epidemic, the refocusing of malware from PCs and laptops to smartphones and mobile devices, the deployment of billions of under-protected Internet of Things (IoT) devices, the legions of hackers for hire, and the more sophisticated cyber attacks launching at businesses, governments, educational institutions, and consumers globally,” according to the report.
The cost of compliance
Add compliance to the list of cybersecurity expenses.
The $1 trillion figure may stand to be recalculated and boosted by GDPR compliance requirements, which has placed an additional burden and previously unanticipated spend category on CIO and CISO budgets. U.S. companies in particular will need to up their spend or risk heavy fines for non-GDPR compliance.
“If GDPR were an asteroid hurtling towards the United States, those directly in the strike zone would be large, multinational companies,” says Heather Engel, chief strategy officer at Sera-Brynn, a global cybersecurity audit and advisory firm.
“U.S. interests doing business with EU member states, as well as businesses collecting data on EU citizens, will be impacted,” adds Engel. According to Sera-Brynn, the most vulnerable, at least initially, would be U.S.-based tourism and hospitality industries and international air carriers.
GDPR is only one of several compliance mandates that organizations globally are grappling with.
In a recent interview with BNN — Canada’s only all-business and financial news channel — Robert Herjavec, founder and CEO at Herjavec Group, said compliance is driving 50 percent of the cybersecurity market.
The Identity and Access Management (IAM) market has already seen a boost and is expected to reach $16 billion annually by 2022.
Cybercrime damages — an indicator and driver of cybersecurity spending — are expected to cost the world $6 trillion by 2021, up from $3 trillion USD in 2015.
Cyber attack surface growing
Another indicator — the cyber attack surface (human and digital targets) — is growing an order of magnitude larger every year, according to a CSO story published earlier this week.
Some companies, such as Bank of America, have unlimited cybersecurity budgets. If that seems unreal, it may, in fact, become the new norm for large enterprises. If an organization suffers a major cyber attack or data breach, then they’ll do anything and everything to restore normalcy — whether it’s in their incident response budget or not.Read more: Google-hatched Security Planner matches expert advice with your worst security fears
“Fast-expanding market” is the only way to describe cybersecurity, for at least the next five years. Anything less than that is a false sense of cybersecurity.
Visit SteveOnCyber.com to read all of my blogs and articles covering cybersecurity.
This article was originally posted on CSO Online, Dec 14 2017.