Just how much is too much?
Every year a portion of the annual IT budgets of enterprises is allocated to information security. According to Statista, the percentage has been steadily climbing from FY2006 since FY2017.
Figure 1: Percentage of total IT budgets spent on IT security from FY2005 to FY2017
Source: Statista
Gartner estimates that worldwide spending on information security was more than $114 billion in 2018, up 12.4% from 2017. The analyst predicts that the figure will grow 8.7% to $124 billion in 2019.
Sure, there are dips in spending but this is to be expected as enterprises react to their environment. Usually a major security incident or new regulation would trigger an increase in budget allocations for security.
Siddharth Deshpande, research director at Gartner said: “highly publicized data breaches, like the recent attack on SingHealth that compromised the personal health records of 1.5 million patients in Singapore, reinforce the need to view sensitive data and IT systems as critical infrastructure.”
Table 1: Worldwide security spending by segment, 2017-2019 (Millions of U.S. Dollars)
| Market segment | 2017 | 2018 | 2019 |
| Application security | 2,434 | 2,742 | 2,003 |
| Cloud security | 185 | 304 | 459 |
| Data security | 2,563 | 3,063 | 3,524 |
| Identity access management | 8,823 | 9,768 | 10,578 |
| Infrastructure protection | 12,583 | 14,106 | 15,337 |
| Integrated risk management | 3,949 | 4,347 | 4,712 |
| Network security equipment | 10,911 | 12,427 | 13,321 |
| Other information security software | 1,832 | 2,079 | 2,285 |
| Security services | 52,315 | 58,920 | 64,237 |
| Consumer security software | 5,948 | 6,395 | 6,661 |
| Total | 101,544 | 114,152 | 124,116 |
Source: Gartner 2018
At the RSA Conference 2019 held in Singapore, FutureCFO spoke to Alex Lazarenko, head of R&D Department at Group-IB for his take on why CFOs should be interested in security, including cyber security.
CFOs and the finance department are the typical target for hackers because they are the caretakers of the business’ finances – money. He says targeted attacks against the CFO may come in the form of a phishing email containing a bank statement or some fake information about payment.
