Cybersecurity spending to grow this year but may be hit by budget constraints
By Lance Whitney
Spending on security products and services for 2020 could increase as much as 5.6%, or as little as 2.5%, depending on the economic impact of the coronavirus on IT budgets, says Canalys. Even in the midst of the coronavirus pandemic, organizations need to focus on shoring up their cybersecurity defenses. In some ways, security is more critical now as cybercriminals exploit the vulnerabilities of organizations battered by the economic effects of COVID-19.
A report released Monday by research firm Canalys forecasts an increase in cybersecurity spending this year. But just how much of an increase depends on the course of the pandemic and resulting financial downturn. In a best-case scenario, Canalys expects global cybersecurity spending to grow by 5.6% this year, reaching $43.1 billion. In this instance, security investments will continue to outpace the economy with increases in spending on endpoint security, network security, web and email security, data security, and vulnerability and security analytics.
In a worst-case scenario, however, spending will rise only 2.5% this year. This prediction assumes a long duration of the coronavirus pandemic, leading to a severe economic impact that takes a bite out of IT budgets. Either way, cybersecurity will stand as a high priority for 2020 as organizations contend with more threats and vulnerabilities at the same time they must adhere to specific compliance and regulatory requirements. The shift to remote working also has created a greater need for endpoint security so workers can access corporate resources beyond the physical network. “The shift to subscriptions will shield cybersecurity from immediate IT spending cuts, but additional expenditure will be affected for the rest of the year as organizations begin the next stage in their response to the pandemic,” Matthew Ball, chief analyst at Canalys, said in a press release. “The switch from free trials to paid-for subscriptions will be a factor in maintaining cybersecurity growth. But the mix of cost-containment measures, workforce reduction, and cashflow issues will result in greater scrutiny of existing projects and smaller deals.”
Increases in spending will vary among different security products and services, according to Canalys.
Investments in endpoint security will grow as remote working conditions continue. But this growth may taper off following the strong spending during the first quarter, especially among small and midsized businesses.
Network security will remain the largest segment, accounting for 36% of all cybersecurity spending. However, this area may see a decrease in spending as organizations de-emphasize traditional appliance-based perimeter defenses.
Organizations will have to beef up spending in other segments to address new vulnerabilities created by a remote and decentralized workforce. As such, Canalys sees an increase in investments for web and email security, data security, and vulnerability and security analytics. With a renewed focus on the cloud, spending will also turn to cloud deployment options and security for cloud-deployed workloads.
“Large-scale remote working will be in place for a lot longer than previously envisioned when lockdown first took effect in March,” Ketaki Borade, a Canalys research analyst, said in a press release. “While some employees will return to the workplace over the coming months, organizations will have to maintain a highly decentralized workforce that can work anywhere for the foreseeable future. This includes a combination of remote-only and flexible workers, as well as on-site-only workers that can quickly transition to remote-only working if a localized or national lockdown arises again.”
Cybercriminals have been excited to take advantage of COVID-19 to target organizations and individuals with coronavirus-related malware. As the spread of COVID-19 and the resulting lockdowns have shifted over the past few months, so too have malicious campaigns changed in their approach and methods. But the trend shows that organizations need to remain ever more vigilant against cyberattacks, especially in the new remote working environment.
“The emergence of COVID-19 in January saw a surge in targeted phishing campaigns and malicious domains established to lure end users searching for information,” Borade said. “These fell once lockdown took effect. But hackers continue to target organizations and individuals by compromising unsecured and poorly trained remote workers via numerous vectors, including email, social engineering, and RDP brute force attacks. Organizations will to have reassess changes to workflows, application use, customer engagement, and training for cybersecurity awareness in a more virtual workplace.”