1 June 2021

Gartner Forecast: Spending on Security and Risk Management to Rise

Research firm Gartner forecasts a 12.4 percent increase in global spending on information security and risk management technologies and services in 2021. By comparison, spending on security and risk management rose by 6.4 percent in 2020.

According to Gartner analysts, this strong growth reflects sustained demand for technologies supporting remote work and cloud security.

“Enterprises continue to grapple with the security and regulatory requirements of public cloud and Software as a Service (SaaS),” says Lawrence Pingree, Managing Research Vice President at Gartner. “We’re already seeing early market signals pointing toward increased automation and broader adoption of machine learning technologies to support AI security. To combat attacks, organizations will expand and standardize their threat detection and response capabilities.”

In the Gartner 2021 CIO Agenda Survey, cybersecurity ranked highest among new investment priorities. Sixty-one percent of the more than 2,000 surveyed CIOs plan to increase their investments in cybersecurity / information security this year.

End-user spending on information security and risk management, by segment, 2020-2021 (in USD millions). Source: Gartner.

Security services – including consulting, hardware support, implementation, and outsourced services – represent the largest spending category in 2021, totaling nearly $72.5 billion globally. The smallest but fastest-growing market segment is cloud security, particularly Cloud Access Security Brokers (CASBs).

Growing use of cloud services drives demand for CASBs. Source: AdobeStock / Daniel Coulmann.

“The pace of customer inquiries shows that CASB is a popular choice for enterprises adopting cloud,” said Mr. Pingree. “This popularity stems from the rising use of non-PC devices to interact with core business processes. The resulting security risks can be effectively mitigated using CASBs. CASBs also enable safer interactions between SaaS applications and unmanaged devices.”

Integrated Risk Management (IRM) technology is also experiencing steady double-digit growth, driven by heightened risks during the global pandemic crisis.

“Key areas expected to significantly influence demand in the near term include the emergence of new digital products and services – and associated health and safety applications – as well as third-party risks, such as customer data breaches or supply chain attacks,” says John Wheeler, Senior Research Director at Gartner.

 

This article is based on a press release by archetype.

Key Facts

Cloud security incidents: 45 percent of data breaches involve cloud environments.

Misconfigurations: 80 percent of cloud security incidents stem from misconfigurations.

Frequently Asked Questions

What are the most common cyber threats facing enterprises?

According to the BSI (Federal Office for Information Security) Situation Report, ransomware, phishing, DDoS attacks, and supply chain compromises are the most prevalent threats. For German companies, regulatory risks – including the GDPR and NIS2 Directive – add further complexity.

How much should a company invest in cybersecurity?

Industry experts recommend allocating 10 to 15 percent of the IT budget to cybersecurity. According to Bitkom, German companies average 14 percent. What matters most is not just the amount but the strategic allocation across prevention, detection, and response.

Does every company need a CISO?

Not every organization requires a full-time Chief Information Security Officer (CISO), but every company must assign clear accountability for IT security at the executive leadership level. SMEs can engage an external or virtual CISO. Under NIS2, management accountability for cybersecurity is now enshrined in law.

Fact: According to Munich Re, cyber insurance premiums rose by an average of 15 percent in 2024.

Fact: According to Germany’s Federal Criminal Police Office (BKA), cybercrime caused over €206 billion in damage to German businesses in 2024.

Tobias Massow

A magazine by Evernine Media GmbH