Global spending on information security products and services will reach $81.6 billion in 2016, according to a new report from Gartner. This prediction marks an increase of 7.9% from last year.
The largest areas of information security spending are consulting and IT outsourcing, Gartner stated. Security testing, IT outsourcing, and data loss prevention (DLP) will be the biggest opportunities for growth through the end of 2020.
Another crucial area of industry growth is preventive security. Many IT pros tend to opt for preventive measures when planning their security strategies, a trend poised to continue in years to come.
[Read: 'QuadRooter' security flaw leaves 900M Android devices vulnerable.]
However, preventive measures have proven weak in blocking cyberattacks. As a result, more organizations have adopted the detection-and-response approach to strengthen their security.
Security technologies, such as security information and event management (SIEM) and secure web gateways (SWG) are expected to evolve to support this trend. In particular, SWG tech will maintain a 5% to 10% growth through 2020.
"Organizations are increasingly focusing on detection and response, because taking a preventive approach has not been successful in blocking malicious attacks," said Gartner senior research analyst Elizabeth Kim in a statement. "We strongly advise businesses to balance their spending to include both."
Kim said she anticipates security spending will evolve to become more service-driven as businesses continue to struggle with an overall lack of cyber-security talent in the industry.
Managed detection and response (MDR) is growing as organizations are challenged to use both technology and human expertise to pinpoint risks and maintain a safe cyber environment. This is especially relevant in addressing insider threats and targeted advanced threats.
In its report, Gartner dives into a few specific areas of security where businesses are predicted to spend their security budgets this year.
For example, the average price of firewalls will increase by a minimum of 2% to 3% year-over-year through the end of 2018. As organizations demand greater bandwidth and more devices, service providers and web-scale businesses are deploying bigger and pricier firewalls.
By 2019, half of midsize and large businesses will implement larger and more advanced inspection features to their network firewalls. In addition to larger bandwidth and better performance, businesses will also need their firewalls to group together other features such as intrusion prevention and web filtering.
Ninety percent of businesses are forecast to adopt at least one form of DLP by 2018; currently, only half of them do. Many organizations launch DLP for regulatory compliance and IP protection, but new technologies will also provide machine learning, data-matching, image analysis, and user entity and behavior analytics.
Some areas of information security are lagging behind. Consumer security software, endpoint protection platforms, and secure email gateways are exhibiting slower growth as a result of commoditization, Gartner noted.
While the purchase and implementation of new security technologies is key to protecting businesses, so is the development of cyber-security skills in employees. The shortage of skilled security professionals is both dangerous and expensive. It leaves businesses vulnerable to attacks resulting in reputational damage and data loss.
The most highly technical skills are the ones in greatest demand. Businesses are seeking pros with expertise in software development, attack mitigation, intrusion detection, network monitoring, and other areas of cyber-security.Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio