Cybersecurity Spending. PHOTO: Cybercrime Magazine.

Global Cybersecurity Spending To Exceed $1.75 Trillion From 2021-2025

Cybersecurity Ventures anticipates 15 percent year-over-year growth Press Release

David Braue

Melbourne, Australia – Sep. 10, 2021


The imperative to protect increasingly digitized businesses, Internet of Things (IoT) devices, and consumers from cybercrime will propel global spending on cybersecurity products and services to $1.75 trillion cumulatively for the five-year period from 2021 to 2025, according to Cybersecurity Ventures. The figures reflect, in part, the dramatic change that the COVID-19 pandemic has wrought.

“In 2004, the global cybersecurity market was worth just $3.5 billion,” says Steve Morgan, founder of Cybersecurity Ventures, “and now it’s one of the largest and fastest-growing sectors in the information economy.”

Buoyed by the need to execute digital transformation initiatives faster than ever over the last year, businesses have doubled down on online services — overhauling existing products and developing entirely new ones based in the cloud.

Yet even as these services took pole position in companies’ digital transformations, they also became lightning rods for cybercriminals who sensed the opportunity to find new forms of disruption — whether through profitable ransomware attacks, or by exploiting vulnerabilities to infiltrate and manipulate company networks.

Little wonder that CEOs now identify cybersecurity as the most significant risk their businesses face.

Fully 18 percent of 500 CEOs surveyed by KPMG in 2021 said cybersecurity risk would be the greatest threat to their organization’s growth over the coming three years. That was nearly twice the 10 percent of CEOs who said the same in the middle of 2020 — a significant change in attitude over the span of just six months.

Such a rapid shift in mindset has continued apace as one major cybersecurity compromise after another keeps security issues front of mind in the boardroom and C-suite.

The challenges of the past year are pervasive, with 69 percent of CEOs reporting they have been accelerating new digital business models and revenue streams over the past year. As a consequence, 52 percent said they would prioritize data security measures this year.

The imperative to protect mission-critical digital investments will help drive double-digital annual growth in cybersecurity spend for years to come, with Cybersecurity Ventures predicting that this year’s $262.4 billion in expenditures will grow to $458.9 billion in 2025.

The right money, in the right place

That’s a significant expansion of enterprise cybersecurity funding — yet simply throwing money at the problem isn’t necessarily going to solve it.

“There are some companies who are clearly underinvesting into cybersecurity,” Aleksandr Yampolskiy, CEO and co-founder of information security benchmarking firm SecurityScorecard, told Cybercrime Magazine. “Other companies are spending plenty of money on cybersecurity, but they’re not spending it wisely.”

Many companies are “focused on how to become as robust as possible… and how you surround your company with an impenetrable fortress — which is a futile endeavor,” Yampolskiy continued. “Those companies need to shift their mindset to becoming as resilient as possible if they assume the adversary is going to get in no matter what.”

Yet achieving that resilience will require a clear strategy for cybersecurity investment — and that means executives will need to become conversant with the breadth and depth of technologies and solutions available in the cybersecurity industry.

After all, today’s cybersecurity defenses are diverse and the right combination of technologies is different for every organization.

An industry breakdown by Gartner highlights the industry’s diversity and relative growth across its key segments, which have diversified in line with the increasingly complex nature of the digitally transformed enterprise.

Cloud security spending, for example, will grow at 41.2 percent this year while data security (17.5 percent), infrastructure protection (16.8 percent), identity access management (15.6 percent), integrated risk management (12.6 percent), and security services (11.4 percent) are also leading the sector’s growth.

“Tech analysts don’t extensively cover spending around large swaths of our market including consumer security, ICS (Industrial Control Systems) security and IIoT (Industrial Internet of Things) security, maritime and aviation security, amongst others,” says Morgan. “As a result, (real) cybersecurity spending has been underestimated.”

The mix of cybersecurity spending is likely to continue changing over time as new threats and shifting defences drive the cybersecurity market of 2025 to look very different than it does now.

A key part of this growth will come as innovative startups are commercialized at a record pace.

Global cybersecurity venture funding passed $9 billion in the first half of this year, according to Crunchbase figures that showed the sector already exceeded last year’s record $7.8 billion of investment.

Backed by substantial funding, many new technologies will morph traditional cybersecurity segments in new ways, either by creating important new startups or by expanding the capabilities and product ranges of existing firms.

“If you want to mitigate the risk,” Yampolskiy said, “you have to take risk by trying out technologies and vendors and startups that may not be as established.”

CISOs make all the difference

With cybercrime predicted to cost the world $10.5 trillion annually by 2025, up from $3 trillion a decade ago and $6 trillion in 2021, commensurate growth in cybersecurity expenditure will be crucial to keep up.

However, companies without the right business-cybersecurity interface may find they are spending the right money in the wrong places.

To most effectively allocate cybersecurity spend, executives need to work alongside IT and cybersecurity specialists to correlate business risk with technology risk — and to identify mutually beneficial solutions that meet corporate objectives as well as protecting systems and data spread across hybrid cloud environments.

A great way to facilitate these conversations is to appoint a CISO, who can help monitor the cybersecurity sector and match company expenditure to business priorities.

Strong institutionalized recognition of the CISO’s importance is a good indicator that the increased cybersecurity spending will go to the right areas — yet despite previous predictions, many companies still don’t have them, or don’t recognize them as business-critical if they do.

Just look at the leadership page of most Fortune 500 companies. “In almost no circumstances… is a CISO listed on the leadership page,” Yampolskiy pointed out. “And until that’s happening, we’re not going to really say that security has an unlimited budget, and getting access to the boardroom.”

“CISOs are being invited there, but they are being invited for 5 to 10 minutes to show a couple of slides and then go back” to their offices. “But it all really starts at the board — and if you don’t start asking the right questions at board level, it’s not going to cascade downwards.”

If push comes to shove

“Cybersecurity is the only line item that theoretically has no spending limit,” says Morgan. “There is a budget before a company suffers a cyberattack or a series of them, and then there’s the actual spend that takes place afterwards. What business or consumer isn’t going to do and spend whatever it takes to recover from being hacked?”

While all other tech sectors are driven by reducing inefficiencies and increasing productivity, cybersecurity spending is driven by cybercrime.

In 2015, Bank of America CEO Brian Moynihan declared that the nation’s second-largest lender had an unlimited cybersecurity budget. “Moynihan was brutally honest,” says Morgan. “But really, what he said then is true now and in the future for Fortune 500 and Global 2000 enterprises all the way down to Main Street businesses. He just had the courage to say it without worrying about the repercussions.”

Look no further than ransomware, the fastest-growing type of cybercrime, to reinforce the notion of unlimited budgets when it comes to cybersecurity. “Organizations (and individuals) can not possibly anticipate their spend in response to a ransomware attack,” Morgan points out, “and they’ll never say there’s no more budget to deal with it.”

Markets aren’t sized by unlimited budgets or the extraordinary lengths that companies are willing to go to if push comes to shove, but it is one of the dynamics in the burgeoning cybersecurity space.

Tech giants

Following a recent convene at the White House, several major technology companies, including Apple, Amazon Web Services (AWS), and IBM, announced new cybersecurity initiatives from 2021 to 2025.

Microsoft is quadrupling its cybersecurity investment to $20 billion over the next five years, up from the $1 billion per year they’ve been spending on cybersecurity since 2015.

Google’s CEO announced the search giant will invest more than $10 billion over the next five years in cybersecurity. The effort will include helping to secure the supply chain and strengthening open-source security. 

Cybersecurity Ventures plans to release additional market data on cybersecurity investments by tech giants, as well as government cybersecurity budgets globally, all of which falls under its total global cybersecurity spending prediction for the 2021 to 2025 period.

David Braue is an award-winning technology writer based in Melbourne, Australia.

Go here to read all of David’s Cybercrime Magazine articles.

Sponsored by SecurityScorecard

SecurityScorecard is the global leader in cybersecurity ratings and the only service with over two million companies continuously rated. Our mission is to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors.