Cybersecurity spending slumps - but swift recovery expected
Despite a new impetus to take cybersecurity more seriously as a result of increasing volumes of cyber-attacks due to COVID-19, spending on IT security will fall in 2020 as a result of economic constraints – also due to the pandemic.
That's according to new research from GlobalData, which also found that the industry will recover after this initial slump to be worth almost US$238 billion by 2030, with a compound annual growth rate (CAGR) between 2019 and 2030 of 6%.
GlobalData's research comes to a similar conclusion to a recent report from Canalys, which found that planned increases in cybersecurity spending and investment over the next 12 months will be either reduced or halted completely due to budget pressures and supply chain constraints.
“The unprecedented shift to remote working from March resulted in strong demand for endpoint security to protect new company-deployed notebooks, as well as consumer-owned devices used as part of business continuity measures,” says Canalys chief analyst Matthew Ball.
“Endpoint security shipments increased by 16.9% to represent 15.4% of the total cybersecurity market. This strong growth continued into Q2, as more countries implemented lockdown measures.
“But network security only grew 4.0% as the hardware appliance business for some vendors was affected by supply chain constraints.
GlobalData's report also outlined the significance of artificial intelligence (AI) as a double-edged sword for cybersecurity: it acts as both a modern foil for cyber attacks and as a tool for attackers to drive their campaigns.
“Cybersecurity is an unrelenting battle. Companies manage an array of assets, including infrastructure, applications, managed and unmanaged endpoints, mobile devices, and cloud services, all of which can be attacked,” says GlobalData principal analyst of thematic research David Bicknell.
“The types of attacks include phishing, the most popular, and ransomware, which is becoming the most lucrative.
“The ongoing COVID-19 pandemic has highlighted why cyber-naïve remote-workers have needed security awareness training to thwart hacker attacks. Attackers will target immature technologies, meaning 5G communications, smart cities, and the Internet of Things (IoT) are all at risk.
“To counter these threats, organizations are moving towards a zero trust stance, which assumes that all entities, inside or outside the perimeter, cannot be trusted,” says Bicknell.
“Security will also be adopted earlier in application development. It must be baked in, not bolted on.
“New AI-infused security companies will either be the standard-bearers of the future or, more likely, they'll become M-A targets for the old guard. Those firms that fail to define a clear AI security stance or take the necessary M-A steps to acquire one will lose out.