Market research and expert consultants Gartner have observed that users are shifting an ever growing portion of their IT security budgets to “Detection and Response” activities. Demand for pure prevention, the experts go on to say, is now shrinking. Gartner is expecting companies to spend about $90 billion dollars on IT security across the globe this year, representing a rise of nearly 8 percent over 2016. By 2020, spending is projected to rise further to 113 billion dollars. Improving capabilities in detection and response is set to become a key priority for security buyers over that period, according to the experts. “The shift to detection and response approaches spans people, process and technology elements and will drive a majority of security market growth over the next five years,” explains Gartner analyst Sid Deshpande. This doesn’t mean, of course, that prevention has suddenly lost its importance, nor that Chief Information Security Officers (CISOs) will now stop trying to prevent security incidents. It is rather the recognition that prevention may be futile, unless it is backed up with detection and response capabilities. A shortage of expertise and skills within enterprises is also boosting spending on security services. After decades focusing on purely preventive measures, many firms lack organizational knowledge on detection and response strategies in their security teams, Gartner’s experts add. These highly specialized skills are scarce and consequently expensive, leading many companies to seek external support from security consultants, managed security service providers (MSSPs) and outsourced services.
“Simple virus protection solutions have long been insufficient,” explains Bernhard Hecker.
