KUALA LUMPUR (Oct 14): Spending on information security and risk management products and services is forecast to grow 11.3% to reach more than US$188.3 billion (RM884.8 billion) in 2023.
In a statement on Thursday (Oct 13), consulting firm Gartner Inc said three factors influencing growth in security spending are the increase in remote and hybrid work, the transition from virtual private networks to zero-trust network access (ZTNA), and the shift to cloud-based delivery models.
Gartner senior director analyst Ruggero Contu said the Covid-19 pandemic had accelerated hybrid work and the shift to the cloud, challenging the chief information security officer (CISO) to secure an increasingly distributed enterprise.
“The modern CISO needs to focus on an expanding attack surface created by digital transformation initiatives, such as cloud adoption, IT/OT-IoT convergence, remote working, and third-party infrastructure integration.
“Demand for technologies and services such as cloud security, application security, ZTNA, and threat intelligence has been rising to tackle new vulnerabilities and risks arising from this exposure,” he said.
Contu said cloud security is the category forecast to have the strongest growth over the next two years.
As organisations increase focus on environmental, social and governance risk, third-party risk, cybersecurity risk and privacy risk, Gartner forecast that the integrated risk management market will show double-digit growth through 2024, until greater competition results in cheaper solutions.
The firm said security services including consulting, hardware support, implementation and outsourced services are the largest category of spending at almost US$72 billion in 2022, and is expected to reach US$76.5 billion in 2023.
Worldwide information security and risk management end-user spending by segment, 2021-2023 (millions of US dollars)
Market segment |
2021 spending |
2021 growth (%) |
2022 spending |
2022 growth (%) |
2023 spending |
2023 growth (%) |
Application security |
4,963 |
20.8 |
6,018 |
21.3 |
7,503 |
24.7 |
Cloud security |
4,323 |
36.3 |
5,276 |
22.0 |
6,688 |
26.8 |
Data privacy |
1,140 |
14.2 |
1,264 |
10.8 |
1,477 |
16.9 |
Data security |
3,193 |
6.0 |
3,500 |
9.6 |
3,997 |
14.2 |
Identity access management |
15,865 |
22.3 |
18,019 |
13.6 |
20,746 |
15.1 |
Infrastructure protection |
24,109 |
22.5 |
27,408 |
13.7 |
31,810 |
16.1 |
Integrated risk management |
5,647 |
15.4 |
6,221 |
10.1 |
7,034 |
13.1 |
Network security equipment |
17,558 |
12.3 |
19,076 |
8.6 |
20,936 |
9.7 |
Other information security software |
1,767 |
26.2 |
2,032 |
15.0 |
2,305 |
13.4 |
Security services |
71,081 |
9.2 |
71,684 |
0.8 |
76,468 |
6.7 |
Consumer security software |
8,103 |
13.7 |
8,659 |
6.9 |
9,374 |
8.3 |
Total |
157,749.7 |
14.3 |
169,156.2 |
7.2 |
188,336.2 |
11.3 |
Source: Gartner (October 2022)