Global information security expenditures have risen in 2014, up to $71.1 billion, according to a recent study from Gartner. The year’s total represents an increase of 7.9 percent over 2013 totals. Organizations appear to be focusing on data loss prevention – the fastest growing area for spending at 18.9 percent higher than 2013.
Gartner also found significant outlay on cloud computing and securing mobile technologies. The firm expects total information security spending to increase more in 2015, by an estimated 8.2 percent to reach $76.9 billion.
Lawrence Pingree, Gartner research director, described the convergence of social, mobile and cloud technology as a “nexus of forces” that drives spending to keep information safe from malicious actors.
“This ‘nexus of forces’ is impacting security in terms of new vulnerabilities,” said Pingree. “It is also creating new opportunities to improve effectiveness, particularly as a result of better understanding security threats by using contextual information and other security intelligence.”
Readily available malicious software has created a “democratization of security threats,” according to Gartner.
“This has led to increased awareness among organizations that would have traditionally treated security as an IT function and a cost center,” said Pingree.
Gartner predicted that about 10% of all IT security product options would be delivered through the cloud by 2015 – particularly for the small to midsize business segments. This new form of security service delivery promises to alter pricing and growth for organizations that specialize in this area.
“By 2018, more than half of organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures,” Gartner stated. “Many organizations continue to lack the appropriate skills necessary to define, implement and operate appropriate levels of data protection and privacy-specific security controls. This lack of skills leads organizations to contract security consulting firms that specialize in data protection and security risk management to address regulatory compliance demands and enhance their security postures. A significant portion of organizations are shifting existing resources away from the operational aspects of security technologies, such as security device administration and monitoring, toward mitigation and incident response. This new dynamic has given rise to significant growth throughout the globe for managed security services.”