IT security spending of organizations in recent years has been heavily influenced by a succession of ‘events’ that had little to do with their strategic digitalization goals.
Ideally, IT and cybersecurity budgets focus on an outcome such as enabling digital transformation. And of course, that ideal situation includes an integrated risk management and business view as managers increasingly want to know what IT security spending actually delivers for all stakeholders.
With the ever-increasing digital expectations of end users, the far-reaching consequences of ongoing digitalization, the growing digital attack surfaces, and the high costs associated with data breaches, a proactive strategic IT security approach with management and board involvement is the only way forward.
The reactive, short-term challenges during the pandemic
But with all that’s been going on in recent years – and is happening today – it is often difficult to switch to such a much-needed mature, proactive, and strategic IT security approach.
Security services will have the highest growth over the forecast period (2021-2026) with 10.2% CAGR and will also represent the biggest spending category, followed by software and hardware
The pandemic was, of course, a major ‘event’ here. For most organizations, it was a matter of responding fast overall. First, they had to respond to all the challenges of the health crisis itself (working from home and hybrid working where possible, digitalizing many services to ensure continuity, starting/upping digital business activities, the list is almost endless).
But they also had to respond to the enormous increase in cyber attacks seen during the pandemic: an acceleration of all threats and attacks (third-party risks, phishing, ransomware, you name it). The pandemic won’t just be remembered as a huge health crisis with massive consequences and long-term ripple effects; it will also be remembered as a cyberattack and digital misinformation tsunami.
In addition, all the ICT-related and digital work that needed to be done to ensure a degree of business continuity were enormous for those that weren’t cyber resilient or digital-first yet (and who really was?).
Moreover, it all needed to happen fast, often with various ‘external’ sources and less time. As a result, many organizations are still detecting and resolving threats and vulnerabilities in the new solutions and digital methods of working and doing business they set up in previous years.
European IT security dynamics since 2022 (and beyond)
Once most of that work was done, there was not much time to switch to a more strategic approach. The changing geopolitical situation and ever more inflationary pressure forced organizations to continue focusing on the short term, especially as the war in Ukraine started.
The war’s many consequences included cybersecurity challenges as well, of course. And they will have a lasting impact, just as many changes during the pandemic did (on top of an incredible human toll).
According to IDC’s Stefano Perini, the risk of cyber threats addressing both IT and OT systems (already high before the war) rose dramatically following the start of the Russia-Ukraine conflict and all its consequent geopolitical dynamics.
Per Stefano Perini, this pushed European organizations to indeed increase the focus on short-term IT security emergency plans addressing especially cloud, network, and data security.
What are the consequences for the European IT security market in terms of spending? From a business perspective, the market seems to continue its steady rise, although the priorities will undoubtedly continue to evolve.
European IT security spending will reach almost $47 billion in 2022. The forecast five-year (2021–2026) compound annual growth rate (CAGR) is 9.4%, surpassing $66 billion in 2026 (IDC, July 2022)
IT security spending in Europe overall and per vertical
According to a new Worldwide Security Spending Guide from IDC (July 2022), total European IT security spending will almost reach $47 billion in 2022, up 10.8 percent year on year. By 2026, the European IT security market would exceed $66 billion.
- Banking remains the largest market for IT security spending in Europe, with over $6 billion in 2022. Obviously, banking was always a frontrunner in IT security, but per IDC, “it will even increase its focus on cyber defense to face the rising risk of malicious attacks.” Do also note the advent of new cybersecurity-related rules and regulations in the EU, however (e.g., the EU’s DORA Digital Operational Resilience Act).
- The second top spender on cybersecurity in Europe in 2022 is discrete manufacturing, with cyberthreats for IT and OT (operational technology) systems as IT and OT integration continues on the continent of Industry 4.0. Discrete manufacturing is expected to spend more than $5 billion on security.
- Number three in terms of IT security spending is the ‘professional services’ sector with ‘more stable security strategies’ whereby cloud security and endpoint security solutions are a particular focus per IDC. In Europe, professional services spending on IT security is expected to reach over $4 billion in 2022.
Interestingly the fastest growers regarding IT security spending in Europe are the ‘state/local government’ industry, followed by the ‘federal/central government,’ where cybersecurity ranks at the top of the spending agenda with an IT security spending increase of respectively 12.3 percent and over 11 percent. The main cybersecurity-related areas for government organizations (from both government industries) are cloud migration, remote collaboration, and data security.
Finally, as the illustration above shows, the transportation industry will grow as fast as the ‘federal/central government,’ ranking third. So, transportation also will see IT security growth of over 11 percent in 2022, but here the focus is on cyber resilience with ‘cybersecurity as a crucial support to avoid any further service restriction.’