Richard Addiscott (Gartner)
Australian organisations are expected to spend over $4.9 billion on enterprise information security and risk management products and services by the end of 2021.
This is according to analyst firm Gartner, which claimed spending in the market this year will increase by 8 per cent, year-on-year — higher than 2020’s 6 per cent.
Driving this need for IT security and risk solutions, according to Richard Addiscott, senior research director at Gartner, include high profile cyber attacks like the SolarWinds hack, as well as changes to the Security Legislation Amendment (Critical Infrastructure) Bill 2020 and regulatory obligations.
Out of the whole enterprise information security and risk management market, security services are expected to be the segment with the highest value this year, with it forecast to reach $3.2 billion in 2021 — representing growth of 7.3 per cent, year on year.
Meanwhile, cloud security is anticipated to be the highest growing segment with growth of 33.8 per cent forecast for this year, to $15 million. While up by over a third, this is down from its growth in 2020, when the segment grew by 50.4 per cent.
Regardless, the growth in this segment should come as no surprise when considering the firm’s 2021 Gartner CIO Agenda survey from October.
Back then, it found 67 per cent of respondents in Australia and New Zealand planned to increase investments in cyber security this year, coming second only to business intelligence and data analytics. Additionally, the survey also found 53 per cent of CIOs intended to invest into cloud services and solutions.
Credit: Gartner Addiscott said Australian government and private sector clients' priorities revolve around the Australian Signals DIrectorate’s Essential Eight cyber security baseline mitigation strategies.
Other areas of interest have been focused on varying state government cyber security frameworks and regulatory instruments like the Australian Prudential Regulatory Authority’s (APRA) prudential standard CPS 234, which makes sure APRA-regulated entities are keeping their information security capabilities scaled with information security vulnerabilities and threats.
“Organisations are being directed to implement these strategies to mitigate cybersecurity incidents,” Addiscott said.
“However, the road to full implementation is not an easy path, and nor should it be seen as a cybersecurity panacea. Rather than adopting a compliance-centric posture, organisations need to adopt a risk-based approach to security, protecting the organisation from the most critical threats while focusing on business outcomes,” he added.
