Analyst firm IDC published its first Worldwide Semiannual Security Spending Guide Oct. 12, forecasting that global cyber-security spending will reach $101.6 billion by 2020.
According to IDC's analysis, worldwide revenues for cyber-security related services, software and hardware will come in at $73.6 billion in 2016 and will grow at a compound annual growth rate (CAGR) of 8.3 percent through 2020. IDC noted that the CAGR for cyber-security is faster than the overall rate of IT spending growth.
"Today's security climate is such that enterprises fear becoming victims of the next major cyberattack or cyber extortion," Sean Pike, program vice president of security products at IDC, said in a statement. "As a result, security has become heavily scrutinized by boards of directors demanding that security budgets are used wisely and solutions operate at peak efficiency."
Security services are forecast to be the largest single category of security spending, representing 45 percent of global cyber-security revenue in 2016. Security software is the second largest category, with user behavior analytics software being one of the fastest growing segments of the market.
The largest market in the world for cyber-security is the United States, with $31.5 billion forecast for 2016. Western Europe comes in second place with revenue of $19.5 billion.
While $73.6 billion in 2016 is a nontrivial amount of money, at least one security expert contacted by eWEEK suspects that IDC's numbers might not be entirely accurate.
"The estimate is flawed," Tom Kellermann, CEO of Strategic Cyber Ventures, told eWEEK. "Cyber-warfare is increasingly common, and thus I believe that these numbers do not account for the classified cyber defense budgets of the G-20."
Kellermann said defense contractors are altering their business strategies as evidenced by firms like Lockheed Martin defining themselves as technology companies. In addition, boards of directors are now concerned about cyber-attacks and there exists a burgeoning trend among boards to view cyber-security investment as a function of conducting business rather than an expense, he said.
"Cyber-security is foundational to brand protection, and I would suggest that by 2020 the total annual investment in cyber-security will exceed $200 billion," Kellermann said. "By 2020 corporations will be held accountable for the security of their networks by not only regulators but by the courts as well."
Justin Harvey, head of security strategy at Gigamon, said he was surprised to see so little emphasis on endpoint and network visibility in IDC's forecast. In his view, it is a core element of security to have network visibility solutions when building a cyber-defense capability.
Michael Covington, vice president of product at Wandera, however, wasn't all that surprised by the IDC forecast. Looking beyond the numbers, the forecast highlights a trend that should cause vendors to take notice.
"Organizations have started to evolve the way they think about security," Covington said.
Instead of policy blocks and restricted access being the focus, security is becoming more of a productivity enabler, he said. The increased adoption of managed services, more capable endpoint tools and unified identity management shows how important "usable security" is to the enterprise.
"If security tools cannot be managed or are not used, they don't deliver any value," Covington said. "We are watching a paradigm shift occur as security simply gets out of the way and becomes more integrated into business."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.