After a dip in spending last year, organizations are once again investing in information security. Enterprise information security and risk management end-user spending in India is on pace to total $2.08 billion in 2021, an increase of 9.5% from 2020, according to the latest forecast from Gartner, Inc. Compare this with global average spending growth of 10.5%. Spending in matured APAC markets will grow by 8.6% in 2021 and 10.7% in emerging APAC markets, estimates Gartner. This spending is being driven by increased digitalization and the need to secure digital infrastructure on the cloud.
“The overnight move to remote-working in reaction to the pandemic exposed organizations’ vulnerabilities,” said Prateek Bhajanka, Senior Principal Research Analyst at Gartner. “While security leaders had to cut down on their security spending in 2020 because of IT budget-cuts, in 2021, this trend is reversing. A secure digital environment is now foundational to organizations’ growth and in preparation to another crisis that may arise. Security leaders are ready to reinvest in cybersecurity with a renewed and refreshed rigor.”
Gartner analysts shared how security and risk management leaders (CISOs) can advance their IT cybersecurity and risk strategy at the Gartner Security & Risk Management Summit India taking place virtually through Thursday (March 18).
In 2021, organizations are expected to increase their spending across all segments of security and risk management. Continuing the trend from last year, cloud security and integrated risk management will experience the highest growth in 2021, up 251% and 27.8%, respectively (see Table below).
Shift to cloud drives triple-digit spending on cloud security
“India is at an early stage of cloud adoption and the pandemic only accelerated this shift as organizations moved to the cloud to achieve cost efficiency and business continuity,” said Bhajanka. “In 2020, hyperscalers, such as Amazon Web Services, Microsoft Azure, and Google Cloud, increased their investment in data centers in India, further catalyzing Indian organizations’ move to cloud during the pandemic.”
CISOs and security leaders are aware of the risks and vulnerabilities that their organizations can be exposed to while migrating to the cloud from legacy systems. To manage these risks, organizations are increasing their spending on cloud security tools, driving the market up 251.1% in 2021. Cloud access security brokers (CASB) and cloud workload protection platforms (CWPP) will be some of the major technologies that CISOs in India will increase their spending on within the cloud security segment in 2021.
In addition, Indian CISOs and security leaders will focus on establishing and deploying threat detection and response programs and capabilities, such as endpoint detection and response (EDR), and move to cloud-delivered security capabilities to have consistent security coverage whether working from the office, home, or off-site.
Gartner clients can read more in the report “Forecast: Information Security and Risk Management, Worldwide, 2018-2024, 4Q20 Update.”
Cybersecurity and the Board
Gartner also said that by 2025, 40% of Boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10% today. “This shows increased commitment to cybersecurity coming from top management. And it will increase the success of projects undertaken by the execution teams,” said Bhajanka.
“In the past, security was seen as an inhibitor and a cost center. But that perception changed during the pandemic when cybersecurity and ransomware became a major concern for businesses across the world. Today, cybersecurity is being addressed at a higher level and is now a concern of the Board.”
Bhajanka says the investments and commitments towards cybersecurity were slow to pick up and the challenge is the way cybersecurity is communicated to the board.
“Cybersecurity is an enabler for (digital) business, but the security team has not been able to communicate that effectively to the Board of directors. That’s because the security teams communicate in technical terms and have not been successful in communicating and translating cybersecurity language to the business language that the board of directors understands. If they understand it, they would be able to internalize it, and take action on it,” added Bhajanka.
And that reinforces our belief that communication will be a key skill for CISOs in 2021.