Worldwide user spending on security and risk management tool and projects could reach as high as $214bn (£175bn) in 2024, representing a 14.3% increase on 2023, according to the latest forecast from analyst house Gartner.
With growth in public cloud services showing no signs of abating, it will be the cloud security spending that will push much of this growth, up 24.7% in 2024, for a total value of $7bn, said Gartner.
Much of this will come in areas such as cloud access security broker software (CASB) and cloud workload protection platforms (CWPP), while cloud-based detection and response solutions including endpoint detection and response (EDR) and managed detection and response (MDR) will also see healthy growth.
The continuous adoption of cloud, continuous hybrid workforce, rapid emergence and use of generative AI, and the evolving regulatory environment are forcing security and risk management leaders to enhance their security and risk management spending,” said Shailendra Upadhyay, senior research principal at Gartner.
“At the same time, they are focusing their efforts by adopting technical security capabilities that provide far greater visibility and responsiveness across the organisation’s entire digital ecosystem and restructuring the way the security function operates to enable agility without compromising security.”
Also posting big numbers in 2024, according to the analysts’ forecast, will be categories such as data privacy solutions, projected to grow 24.6% to $1.7bn; infrastructure protection, up 17.5% to $33.2bn; and data security, up 17.4% to $4.3bn.
More modest growth will likely come in areas such as application security, set to rise 15.7%; identity and access management (IAM), up 14.8%; network security equipment, up 13.9%, security services, up 11.3%; and integrated risk management, up 10.4%.
The consumer security software category, said Gartner, will post less than stellar growth, although it will still likely be up by about 6.4%.
Services spending to account for nearly half of total
Notably, spending that could be termed as being on security services – meaning areas such as cyber consultancy, outsourcing, implementation and hardware support – is forecast to total approximately $90bn in 2024, approximately 42% of the total. It will remain the largest area of security and risk management spending next year, said Gartner.
“In light of cyber risks increasing, cyber threats proliferating and a changing operating environment, it is more critical than ever for organisations to build and optimise a cyber security programme,” said Upadhyay.
“It is the cornerstone of cyber security initiatives which help SRM leaders secure new environments, protect against the expanded attack surface, consume security capabilities in new ways and create better efficiencies through automation.”
Risk summit zeros in on AI
Gartner presented its findings at its annual SRM Summit in London, which took place this week. Attendees at the event focused on subjects such as assessing and monitoring third-party threats, application programming interface (API) security, and privacy and ethics.
Also high on the agenda was, naturally, the meteoric rise of generative artificial intelligence (AI) and its likely impact on cyber.
Gartner believes that organisations that optimise for AI transparency, trust and security will see their AI models achieve a 50% improvement in terms of adoption, meeting business goals, and acceptance among end users within the next three years, but only if CISOs commit to these ideas wholesale.
“CISOs can’t let AI control their organisation. AI requires new forms of trust, risk and security management [TRiSM] that conventional controls don’t provide,” said vice-president analyst Mark Horvath in a speech at the event
“CISOs need to champion AI TRiSM to improve AI results, by, for example, increasing the speed of AI model-to-production, enabling better governance or rationalising AI model portfolio, which can
Gartner laid out five AI risk management actions CISOs should take, once they have recalibrated expectations of AI both within and without their security teams.
- Capturing the extent of exposure by inventorying AI used in the organisation and ensuring appropriate explainability.
- Driving staff awareness across the organisation through formal AI risk education campaigns.
- Supporting AI model reliability, trustworthiness and security by incorporating risk management into their operations.
- Eliminating exposures of internal and shared AI data by adopting data protection and privacy programmes.
- And adopting specific AI security measures against adversarial attacks to ensure resistance and resilience.