According to the World Economic Forum, cybercrime damages are projected to reach $6 trillion in 2021, which would equal the GDP of the world's third largest economy. Spending by enterprises on cybersecurity is continuing to grow, defying the pandemic-driven economic downturn impacting global IT spending.

While the global research and advisory firm Gartner predicts that IT spending will decline by 8% this year, security and risk management is predicted to grow by 2.4%, which is less than the projected growth rate of 8.7% earlier this year.

According to Gartner, eight out of 10 cybersecurity markets are expected to grow faster than the market average, with cloud security augmenting the fastest. Cloud security is the smallest but fastest-growing segment of the cybersecurity market, with a market size of $439 million last year. It is projected to grow by 33% this year, driven by the small initial market size and companies’ opting for cloud-based cybersecurity solutions.

Gartner predicts that networking security equipment, including firewall equipment and intrusion detection and prevention systems (IDPS), will be the most impacted by the pandemic-induced hard reset on enterprise IT spending.

Organizations are finding it easier to pilot cloud-based cybersecurity applications with remote IT teams — another advantage this delivery model has over traditional on-premises deployments. Cloud-based cybersecurity platforms also provide much-needed analytics and reporting that help to further prove their business case. 

“Cloud computing has proven battle-ready during COVID-19, demonstrating it can support unplanned, unexpected, and dynamic needs,” says Juta Gurinaviciute, chief technology officer at NordVPN Teams.

While other tech sectors are driven by reducing inefficiencies and increasing productivity, cybersecurity spending is driven by cybercrime and increased risk. The unprecedented level of cybercriminal activity we are witnessing is generating so much spending that it is becoming nearly impossible for analysts to track it accurately.

The World Economic Forum's "Global Risks Report 2020" stated that cybercrime will be the second most concerning risk for global commerce over the next decade. It's also the seventh most likely risk to occur, and the eighth most impactful.

With the increase in cyberattacks, organizations are continuing to spend more money on security. However, without a focused cybersecurity strategy, they often spend it in the wrong areas.

“Just increasing spending won’t solve the problem if it isn’t properly aligned with the threats that business faces or could face in the future,” said Gurinaviciute.

Among others, the top priority items include securing unpatched servers, data encryption,  and proper data (which is visible on the internet) classification. “If companies spend their security budget solely on these top priority items and are unable to fix them, then it’s likely those companies will need to increase their cybersecurity budgets even further in 2021,” Gurinaviciute added.

Companies and their employees have been thrust into a remote working environment rather suddenly, with many organizations’ remote networking capabilities still not as shielded as their on-premises IT infrastructures. This rapid shift has left many unsecured gaps that malicious actors are looking to exploit for financial gain — or to simply disrupt usual operations. The priority now is to secure endpoints and implement stronger authentication protocols for the cloud and other off-premises networks.

This also lines up with the IT security experts’ initial security investment expectations. While organizations are now expected to lower their financial commitments, the prevalence of remote work has also pushed to the forefront the necessity for reliable, comprehensive cybersecurity measures.

“Awareness of cybersecurity risks is growing, and more companies are allocating resources to cyberrisk management,” said Gurinaviciute. “Still, cybersecurity spending is far from where it needs to be, given the monumental scale — and urgency — of the threat.”