Gartner predicts, citing major attacks and Govt. legislation.
Australian organisations are expected to spend just under $5 billion on enterprise information security and risk management products and services this year, according to Gartner.
In the research firm’s latest forecast, it predicted spending will reach just over $4.9 billion in 2021, up 8 percent from 2020.
Gartner senior research director Richard Addiscott said IT security had been top of mind for Australian organisations thanks to recent high profile cyberattacks such as the SolarWinds hack, impending legislative changes in the form of the Security Legislation Amendment (Critical Infrastructure) Bill 2020 and regulatory obligations.
“Many of the conversations we’re having with government and private sector clients in Australia revolve around the Essential Eight, varying State Government cybersecurity frameworks, and regulatory instruments such as APRA’s Prudential Standard CPS 234. Organisations are being directed to implement these strategies to mitigate cybersecurity incidents,” Addiscott said.
“However, the road to full implementation is not an easy path, and nor should it be seen as a cybersecurity panacea. Rather than adopting a compliance-centric posture, organisations need to adopt a risk-based approach to security, protecting the organisation from the most critical threats while focusing on business outcomes.”
On a per-segment basis, the most spending is forecast to go to security services at $3.2 billion, up 7.3 percent year over year. Gartner said services include consulting, hardware support implementation and outsourcing services.
Cloud security is expected to grow the fastest this year with forecasted growth of 33.8 percent, but remains the smallest area with $20 million in expected spending.
Citing its own survey to organisation chief information officers, the Gartner 2021 CIO Agenda Survey, the research firm said security was the no. 2 priority for new spending, with 67 percent of Australia and New Zealand respondents increasing investment in cyber/information security, second only to business intelligence and data analytics (73 percent).