Tarot readers working for analyst outfit Gartner claim that spending on cybersecurity will jump eight percent next year because of the spike in global breaches this year.
The analyst claims spending in 2018 will top $96 billion as end users protect themselves against threats, having seen the impact of WannaCry and NotPetya this year.
Gartner research director Ruggero Contu said a large portion of security spending is driven by an organisation’s reaction towards security breaches as more high-profile cyberattacks and data breaches affect organisations worldwide.
“Cyber attacks such as WannaCry and NotPetya, and most recently the Equifax breach, have a direct effect on security spend because these types of attacks last up to three years”, he said.
Gartner forecasts that services will make up over half of all security spending, at $57.7 billion. Services will also see greatest growth, at 8.8 percent.
The analyst claimed that regulatory compliance and data privacy have been “stimulating” security spending, citing GDPR and the US’ Health Insurance Portability and Accountability Act as key factors.
One of the key drivers driving services spending is a global skill shortage which has forced organisations to turn to cybersecurity consultancies.
“Skill sets are scarce and remain at a premium and top organisations to seek external help from security consultants, managed security service providers and outsourcers,” he added.
“In 2018, spending on security outsourcing services will total $18.5 billion which is an 11 percent increase from 2017.
“The IT outsourcing segment is the second-largest security spending segment after consulting.”
VAR outfit Chess is take another cybersecurity piece after acquiring Foursys a few months ago.
Foursys, which will become Chess Cybersecurity, put Chess into the cybersecurity game – most of its acquisitions have been outside that area such as Lanway, Parachute IT and Compwise Systems.
Now the word on the street is that Chess is looking to make another acquisition in the security space. Most of this was due to the Foursys deal paying off so well.
It is not clear who Chess is looking at, or when the deal will be announced, but the plan seems to be to broaden Chess’ cybersecurity space offering.
Apparently there are plenty of companies for sale and because of the increased interest in cybersecurity there have been a number coming to the market.
Chess, COO Steve Cox is leaving the VAR to take on the role of VP of customer success at insurance software firm Vertafore, a switch which will see him move to Denver. Cox joined Chess last year and was instrumental in setting up the firms ICT division.
Intelligence analyst Cybersecurity Ventures has warned that the cyber-security market is facing an “epidemic” skills shortage.
The California-based research firm has compiled a quarterly Cybersecurity 500 list since 2015, cataloguing what it sees as the hottest and most innovative industry leaders
Feedback from 2017’s top three – Herjavec Group, IBM Security and Raytheon Cyber has revealed growing concern over the widening gap between security threats, and the number of people qualified to tackle them.
The single biggest trend, globally, is that there are chronic work shortages of qualified cyber security staff. It’s an absolute epidemic, the survey found.
From the end of 2013 to 2015, Cisco published research on global cyber security that showed there were one million cyber security positions open globally and Cybersecurity Ventures’ own research suggests that this deficit become worse.
There is a predicted growth in cybercrime coming and by 2021, the company expects there to be 3.5 million vacant cybersecurity job openings.
“The pipeline of security talent isn’t where it needs to be to help curb the rise in more widespread, and more sophisticated, cybercrime.”
There are shortfalls in specialised education in information technology and computer science.
Out of the top ten ranked firms, seven are based out of the US; one in Canada; one in IT security hub Israel; and one UK outfit: Sophos.
Other UK high flyers include BAE Systems (14), BT (29), PwC (32), NNT (54) and KPMG (57). DFLabs in Lombardy, Italy was the highest-ranked continental European firm, at number 19.
Hospitals, clinics, trusts and insurers are under a barrage of cyberattacks but the healthcare section does not seem to be spending enough money to protect itself.
According to ABI Research, cybersecurity for healthcare protection will only be worth $10 billion by 2020, while other sectors such as financial and defence are coping.
ABI said “the healthcare industry is drowning” because of attacks from malicious online agents and a lot of companies and organisations in the sector are failing to modernise to take account of current threats.
Michelle Menting, a practice director at ABI, said: “Cybersecurity for healthcare is still a small fragmented market but the potential opportunities for expansion are large and will continue to grow as healthcare organisations increasingly come under cyberfire.”
She said a few startups such as TrueVault and FireHost are targeting the healthcare sector and building a niche for themselves. There are also managed services and cloud apps from companies like NetFortris and ID Experts.
It won’t be until 2018 that large enterprises will have proper plans to protect themselves from cyber attacks causing business disruption.
And, even then, only 40 percent of these organisations will have such plans.
That’s what a report from Gartner says, which warns that chief information security officers need to set their priorities/
Gartner thinks the frequency of a cyber attack on a large scale is low, but if it does happen, the implications are sever.
Paul Proctor, a VP at Gartner warns that servers can be downed, data wiped, and digital intellectual property published to the internet – as happened with Sony late last year.
“Employees may not be able to fully function normally in the workplace for months. These attacks may expose embarrassing internal data via social media channels and could have a longer media cycle than a breach of credit card or personal data,” he said.
He also pointed out that avoiding a compromise in a large computer enterprise “is just not possible”. Instead, those responsible should concentrate on firewalls, antivirus and vulnerability management, as well as increasing detection and response capabilities.
The Internet of Things (IoT) will expand the attack surface so enterprises need to pay better attention, and spend more money on preventing attacks.
Governments around the world are waking up to the security implications as the internet of things is set to pervade the world and will spend an immense amount of money to improve cyber security.
The internet of things is a catch all term for a time when just about anything you care to imagine has semiconductors inside, able to communicate with just about everything else.
ABI Research said that it estimates that cybersecurity spending will hit $109 billion by the end of this decade, with governments in North America and Europe spending and spending again on security for network, for systems and for data.
The governments, said ABI, will concentrate on security for the financial, energy and defence sectors as they are the ones most targeted.
The energy sector is under particular threat, with attacks on industrial control systems.
However, there are sectors which are particularly vulnerable, including utility companies, said Michela Menting, practice director at ABI Research.
She said: “IT spending will dominate cyber security investment for critical infrastructure protection to the detriment of securing operational technologies in industrial settings.”