Skip links

2020 Roundup of Cybersecurity Forecasts And Market Estimates

As originally published by Louis Columbus on
April 5th, 2020


• Enterprises are predicted to spend $12.6B on cloud security tools by 2023, up from $5.6B in 2018, according to Forrester.
• Enterprise spending on cloud security solutions is predicted to increase from $636M in 2020 to $1.63B in 2023, representing a 26.5% CAGR.
• Spending on Infrastructure Protection is predicted to increase from $18.3B in 2020 to $24.6B in 2023, representing a 7.68% CAGR.
• Endpoint security tools are 24% of all I.T. security spending, and by 2020 global I.T. security spending will reach $128B according to Morgan Stanley Research.
• 71% of UK-based business decision makers believe the shift to 100% remote working during the COVID-19 crisis has increased the likelihood of a cyber-breach according to research by Centrify.
• 70% of all breaches still originate at endpoints, despite the increased I.T. spending on this threat surface, according to IDC.</p style=”text-align:center;”

Cybersecurity now dominates the agenda of organizations as they adapt to a post-COVID 19 world. Remote workers identities’ and devices are the new security perimeter. This is what Zero Trust Security was designed for, and the post-pandemic world is its acid test and crucible. To learn more about how zero trust works, be sure to watch Forrester Principal Analyst Dr. Chase Cunningham’s video, “Zero Trust, in Practice” here. Dr. Cunningham’s latest book Cyber Warfare – Truth, Tactics, And Strategies, is a good read. Cyber attackers are quick to attack new unprotected threat surfaces created when tens of millions of employees started working from home. In a post-COVID-19 world, Hence cybersecurity becoming as critical as Internet access itself.
Key insights from the series of cybersecurity market forecasts and market estimates include the following:

• The global cybersecurity market is currently worth $173B in 2020, projected to grow to $270B by 2026. By 2026, 77% of cybersecurity spending will be for externally managed security services. While money spent on in-house or internal cybersecurity functions is expected to grow 7.2% each year leading to 2026, global spending on external cybersecurity products and services is projected to increase by 8.4% annually over the same period. Source: Australian Cyber Security Growth Network, SCP – Chapter 1 – The global outlook for cybersecurity, 2020.
Network, data, and endpoint security are the three leading use cases of A.I. in cybersecurity today, according to I.T. executives. Capgemini interviewed I.T. executives from ten nations to gain new insights into A.I.’s most popular use cases for cybersecurity. The COVID-19 pandemic has accelerated each of these use cases, with endpoint security becoming the most urgent priority, as nearly every organization has employees working from home. Source: Statistica.

• The global cybersecurity market is predicted to grow from $167.1B in 2019 to $248.26B by 2023, representing a 10.4% CAGR, according to Statista. Worldwide security spending on Identity Access Management reached $10.58B in 2019. The study also found that spending on security services, the largest segment of the information security market, reached $64.24B in 2019. Source: Statista.

• 87% of enterprises identified mobile threats as growing fastest this year, outpacing other threat types, based on Verizon’s Mobile Security Index 2019. Mobile devices and the identities they represent are the new security perimeter for every organization today. By killing passwords and replacing them with a zero-trust framework, breach attempts launched from any mobile device using pirated privileged access credentials can be thwarted. Leaders in the area of mobile-centric zero trust security include MobileIron, whose innovative approach to zero sign-on solves the problems of passwords at scale. When every mobile device is secured through a zero-trust platform built on a foundation of unified endpoint management (UEM) capabilities, zero sign-on from managed and unmanaged services become achievable for the first time. Sources: Verizon’s Mobile Security Index 2019 and Verizon Mobile Security Index (MSI) 2020 Report, January 2020 (70 pp., PDF, no opt-in)

• The global cyber insurance market, as measured by gross written premiums, is forecast to be $8B in 2020, compared to a $124B global cybersecurity market. Organizations primarily focus their cyber risk management strategies on prevention by investing in technological frontline cyber defenses. Meanwhile, spending on other tools and resources for cyber risk management, such as cyber insurance or event response training, remains a fraction of the technology budget. Source: Microsoft, 2019 Global Cyber Risk Perception Survey, September 2019 (36 pp., PDF, no opt-in)

• Over 42% of endpoints experience encryption failures, leaving entire networks at risk from a breach and 100% of all devices experiencing encryption failures within one year. They’re most commonly disabled by users, malfunction, have error conditions or have never been installed correctly in the first place. Absolute Software’s 2019 Endpoint Security Trends Report found that endpoints often failed due to the fragile nature of their encryption agents’ configurations. 2% of encryption agents fail every week, and over half of all encryption failures occurred within two weeks, fueling a constant 8% rate of decay every 30 days. Multiple endpoint security solutions conflict with each other and create more opportunities for breaches than they avert. The study based on data gathered from over 1B change events on over 6M devices is the basis of the multi-phased methodology. The devices represent data from 12,000 anonymized organizations across North America and Europe. Each device had Absolute’s endpoint visibility and control platform activated. Source: Absolute Software 2019 Endpoint Security Trends Report.

• There has been a 667% increase in spear-fishing e-mail attacks related to COVID-19 since the end of February alone. Microsoft thwarts billions of phishing attempts a year on Office365 by relying on heuristics, detonation, and machine learning, strengthened by Microsoft Threat Protection Services. Kount discovered that e-mail age is one of the most reliable identity trust signals there is for identifying and stopping automated, fraudulent activity. Based on their research and product development, Kount announced Email First Seen capabilities as part of its AI-powered Identity Trust Global Network, which consists of fraud and trust signals from over half a billion email addresses. It also spans 32 billion annual interactions and 17.5 billion devices across 75 business sectors and 50-plus payment providers and card networks. The following is an overview of Kount’s technology stack and their Email First Seen solution. Source: How To Know If An E-Mail Is Trustworthy, March 11, 2020.

• Fraud detection, malware detection, intrusion detection, scoring risk in a network, and user/machine behavioral analysis are the five highest A.I. use cases for improving cybersecurity. Capgemini analyzed 20 use cases across information technology (I.T.), operational technology (O.T.), and the Internet of Things (IoT) and ranked them according to their implementation complexity and resultant benefits (in terms of time reduction). The following graphic compares the recommended use cases by the level of benefit and relative complexity. Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence, A new frontier in digital security (28 pp., PDF, no opt-in)

• The average total cost of a data breach in the U.S. for the companies studied has grown from $3.54M in 2006 to $8.19M in 2019, a 130% increase over 14 years. The average total cost of a data breach in the healthcare industry was $6.45M, or 65% higher than the average total cost of a data breach. Source: IBM, 2019 Cost of Data Breach Report (76 pp., PDF, no opt-in).

• The global cybersecurity market will be worth $300B by 2024, according to Global Insights. The research firm also predicts Asia/Pacific will see a 20% CAGR in cybersecurity spending between 2019 and 2025. Source: Global Market Insights.

• On average, an enterprise has six incidents of fraud in the last 24 months, with Financial Services firms being the primary target. PwC also found that 47% of enterprises interviewed had experienced fraud in the past 24 months. The study found that fraud is outpacing, asset misappropriation, bribery & corruption. The following graphic compares the most disruptive fraud events by industry. Source: PwC, Fighting fraud: A never-ending battle PwC’s Global Economic Crime and Fraud Survey (14 pp., PDF, no opt-in).

• Enterprises who lead their industries in cyber resilience rely in A.I. to reduce the number of successful attacks and deliver a more consistent quality of response. Accenture found that when it comes to cyber resilience, there is an elite group of leader companies that comprised 17% of their sample, with 74% being average performers. Leaders know which technologies help to achieve a broader level of cybersecurity success. According to Accenture, non-leaders should consider refocusing their investment priorities toward the technologies which bring benefits that help to fill in some of the performance gaps and achieve a broader level of cybersecurity success. Source: Accenture, Innovate for Cyber Resilience, Lessons from Leaders to Master Cybersecurity Execution (48 pp., PDF, no opt-in).

• 71% of UK-based business decision makers believe the shift to 100% remote working during the COVID-19 crisis has increased the likelihood of a cyber-breach. 53% believe that privileged IT admin remote access is at risk of security breach and 46% have already noted an increase in phishing attacks since implementing a policy of widespread remote working. 79% of business decision makers have increased their cyber security procedures to manage high volumes of remote access over the next three months. 73% of businesses have given staff extra training on how to remain cyber-safe when working remotely, with specific training around verifying passwords and log-in credentials. “Cyber criminals will no doubt attempt to seize the opportunity presented by the all-out expansion of remote workers, many of whom have not been proficiently trained in even the most basic of cyber security measures. Therefore, it is essential that businesses and employees remain vigilant during these challenging times,” said Andy Heather, VP at Centrify. These and many other insights are from data obtained via a poll of 200 senior business decision-makers in large- and medium-sized UK companies conducted by independent polling company Censuswide on behalf of Centrify. Source: Remote Working Has Increased Risk of Cyber-Breach, Say Three Quarters of UK Businesses.

Find the original article on