Cybersecurity spending outlook: $1 trillion from 2017 to 2021

DISCLOSURE: Steve Morgan is founder and CEO at Cybersecurity Ventures, and Editor-In-Chief of the Cybersecurity Market Report. 

Worldwide spending on cybersecurity is predicted to top $1 trillion for the five-year period from 2017 to 2021, according to the Cybersecurity Market Report, published by Cybersecurity Ventures.

“IT analyst forecasts are unable to keep pace with the dramatic rise in cybercrime, the ransomware epidemic, the refocusing of malware from PCs and laptops to smartphones and mobile devices, the deployment of billions of under-protected Internet of Things (IoT) devices, the legions of hackers-for-hire, and the more sophisticated cyber-attacks launching at businesses, governments, educational institutions, and consumers globally” according to the new report.

In early 2015 Inga Beale, CEO at the British insurer Lloyd’s, claimed that cybercrime was costing businesses globally up to $400 billion a year. Several months later Juniper Research released a report which said cybercrime will cost businesses over $2 trillion by 2019. Microsoft CEO Satya Nadella stated $3 trillion of market value was destroyed in 2015 due to cybercrime.

Rob Owens, senior research analyst for security and infrastructure software at Pacific Crest Securities, recently told Investor’s Business Daily that he sees pent-up demand for cybersecurity spending. He says companies still aren’t spending enough on security. “I think security has been an under-spend area for decades. You’re spending about 3% of your capex (capital expenditures) that’s focused on IT on security. That’s relatively low.”

Cybersecurity Ventures confirms Owen’s viewpoint, and anticipates a major uptick in cyber spending — to the tune of 12 to 15 percent year-over-year growth through 2021, compared to the 8 to 10 percent projected over the next five years by several industry analysts. Gartner projects the overall security market will grow at a 7.8 percent CAGR (compound annual growth rate) through 2019 — which suggests IT security spending will account for considerably less than 5% of worldwide IT spending ($2.77 trillion according to Gartner) through 2019.

Speaking at the IBM Security Summit in New York City last year, IBM’s chairman, CEO and President Ginni Rometty said, “We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true – even inevitable – then cyber crime, by definition, is the greatest threat to every profession, every industry, every company in the world.”

It appears that cybersecurity spending is beginning to align with Rometty’s remarks. IBM Security — a $2 billion division of the tech giant – posted 18% growth in Q1 2016. Cisco, one of IBM’s chief security rivals, posted an impressive 17 percent year-over-year rise in security sales.

Gartner reports the IT security outsourcing segment recorded the fastest growth in that sector. As big as that market is, it is a very difficult one to size. “Tech is a cottage industry which includes tens of thousands of VARs (value-added-resellers), IT solution providers, and SIs (systems integrators) who wrap IT security services around the IT infrastructures they implement and support — but (most of) these firms don’t break out and report cybersecurity revenues as a separate bucket,” states the Cybersecurity Market Report.

“Big branded tech companies with sizable professional services organizations providing cybersecurity services have yet to set up specific divisions or revenue reporting which analysts need in order to capture accurate market figures. There’s also many new players getting into cybersecurity. CPAs and attorneys who used to answer their clients’ what-if and what-now questions around data breaches — are now starting up lucrative cyber consulting divisions.”

The IT Security Spending Survey — published by SANS Institute in February 2016 — states “Tracking security-related budget and cost line items to justify expenditures or document trends can be difficult because security activities cut across many business areas, including human resources, training and help desk. Most organizations fold their security budgets and spending into another cost center, whether IT (48%), general operations (19%) or compliance (4%), where security budget and cost line items are combined with other related factors. Only 23% track security budgets and costs as its own cost center.” SANS makes an astute observation which may account for the shortfall in IT spending projections by some researchers and analysts.

The Cybersecurity Market Report will be updated with new cybersecurity spending data in the fourth quarter of 2016.