Information security spending is expected to grow 7.6 percent to $90 billion in 2017, and to top $113 billion by 2020.
Spending on enhancing detection and response capabilities is expected to be a key priority for security buyers through 2020, according to Gartner.
“The shift to detection and response approaches spans people, process and technology elements and will drive a majority of security market growth over the next five years,” said Sid Deshpande, principal research analyst at Gartner.
“While this does not mean that prevention is unimportant or that chief information security officers (CISOs) are giving up on preventing security incidents, it sends a clear message that prevention is futile unless it is tied into a detection and response capability,” Sid Deshpande said.
Gartner said skills shortages are driving spending on security services. Organizations lack knowledge of detection and response strategies in security because preventive approaches were the most common tactics for decades.
Since information security related skill sets are scarce and remain at a premium, organizations seek external help from security consultants, managed security service providers (MSSPs) and outsourcers.
The need to detect and respond to security incidents has created new security product segments, such as deception, endpoint detection and response (EDR), software-defined segmentation, cloud access security brokers (CASBs), and user and entity behavior analytics (UEBA).
Gartner said that these new segments are taking spend away from existing segments such as data security, enterprise protection platform (EPP) network security and security information and event management (SIEM).
The emergence of managed detection and response (MDR) services is a threat to MSSPs. The rising number of point solutions in the security market that address detection and response is creating manageability issues for CISOs and security managers, driving spending for management platforms and services that are better integrated with adjacent markets.
CISOs are changing how they measure the success of their security strategy as enterprises shift toward balancing prevention with newer detection and response approaches.
“CISOs are keen to communicate the return on investment of their security strategy in terms of the business value associated with quick damage limitation, in addition to threat prevention and blocking,” said Lawrence Pingree, research director at Gartner.
Lawrence Pingree said the key enabler for CISOs is to get visibility across their security infrastructure to make better decisions during security incidents. This visibility will enable them to have a more strategic and risk-based conversation with their board of directors, CFO and CEO about the direction of their security program.
