Increasing complexity and number of targeted attacks are pushing companies to spend more on IT security, driving the global market to a 8.7 percent climb to hit US$67.2 billion this year.
In a statement released Wednesday, Gartner projected the security technology and service market will further expand to US$86 billion in 2016. The market researcher pointed to three market drivers: mobile security, big data, and advanced targeted attacks.
It noted that growing adoption of bring-your-own-device (BYOD) opens up opportunities in the security space where companies need to look beyond device security and into securing mobile apps and data. They also will need to establish better understanding of the device type and how employees are accessing corporate networks and applications.
Ruggero Contu, Gartner's research director, said: "The consistent increases in the complexity and volume of targeted attacks, coupled with the necessity of companies to address regulatory or compliance-related issues, continue to support healthy security market growth."
To support these security requirements as well as business needs, more data is needed to more effectively detect advanced attacks, the research firm added, noting that this presented challenges when identifying patterns of potential risk across diverse data sources.
To facilite the need for security analytics, it underscored the need to update the IT security skills, technologies, and processes such as security datawarehousing and analytics. It added that advanced security hackers were now capable of retaining their presence after successfully breaching an organization's security parameters, and seek out ways to further penetrate the network. They would typically do this through malware or post-malware, where user data collected when the malware active would be used to facilitate secondary attacks and breach internal security controls.
Lawrence Pingree, research director at Gartner, said: "Enterprises should employ a defense-in-depth, layered approach model. Organizations must continue to set the security bar higher, reaching beyond many of the existing security and compliance mandates in order to either prevent or detect these newly emergent attacks and persistent penetration strategies. This layered approach is typical of many enterprise organizations and is often managed in independent ways to accomplish stated security goals, namely, detect, prevent, respond, and eliminate."