A jump in security spending is being driven by a new focus on enhanced detection and response capabilities, rather than prevention only techniques, according to Gartner.
Gartner is forecasting worldwide spending on information security to reach $90 billion in 2017, an increase of 7.6 percent over 2016, and to top $113 billion by 2020.
One of the key drivers for the spending increase will be the implementation of new detection and response techniques, a top security priority for organisations this year, Gartner said.
This shift will drive most of the security market growth over the next five years, according to Gartner principle research analyst, Sid Deshpande.
“While this does not mean that prevention is unimportant or that chief information security officers (CISOs) are giving up on preventing security incidents, it sends a clear message that prevention is futile unless it is tied into a detection and response capability,” Deshpande said.
A skills shortage in the area means detection and response technology and personnel will come at a premium, as most current measures are still focused on prevention.
According to Gartner, many organisations lack established organisational knowledge of detection and response strategies in security because preventive approaches were the most common tactics for decades.
Adding, many organisations will be forced to look for partnerships with security consultants and managed security service providers (MSSPs).
However, even the MSSPs will need to remain agile as new specialised management detection and response services (MDR) threaten the incumbent MSSPs.
“The rising number of point solutions in the security market that address detection and response is creating sprawl and manageability issues for CISOs and security managers, driving spending for management platforms and services that are better integrated with adjacent markets,” Gartner said.
The challenges that come with the new digital landscape may also provide new opportunities. Improving security technology is also generating improved intelligence, data and analytics.
According to Gartner research director, Lawrence Pingree, this can help CISOs demonstrate value to the board.
“The key enabler for CISOs in this endeavour is to get visibility across their security infrastructure to make better decisions during security incidents. This visibility will enable them to have a more strategic and risk-based conversation with their board of directors, CFO and CEO about the direction of their security program,” he said.