End-user spending on security and risk management (SRM) in India is forecast to total $2.9 billion in 2024, an increase of 12.4% from 2023, according to a new forecast from Gartner, Inc.
Indian organisations will continue to increase their security spending through 2024 due to legacy IT modernisation using cloud technology, industry demand for digital platforms, updated regulatory environment, and continuous remote/hybrid work.
“In 2024, chief information and security officers (CISOs) in India will prioritise their spending on SRM to improve organisational resilience and compliance,” said Shailendra Upadhyay, Sr Principal at Gartner. “With the introduction of stringent government measures mandating security breach reporting and digital data protection, CISOs are facing heightened responsibility in safeguarding critical assets against evolving cyber threats.”
Gartner analysts are discussing strategies to enhance business resilience by improving threat and exposure visibility, response planning, and risk prioritisation at the Gartner Security & Risk Management Summit, taking place in Mumbai through today.
In 2024, cloud security spending in India is projected to record the highest growth. The adoption of cloud and multi-cloud presents security challenges, causing an increased focus on cloud security by Indian organisations.
“The utilisation of multiple software as a service (SaaS) and infrastructure as a service (IaaS) cloud providers, along with accessing cloud from homes and other unmanaged locations due to hybrid work arrangements, has further emphasised the necessity for security controls, leading to an increase in cloud security spending,” said Upadhyay.
Spending on infrastructure protection is projected to grow 20.4% in 2024. This is fueled by the expansion of both the endpoint protection platform (EPP) and security information and event management (SIEM) markets, which make up the majority of the infrastructure protection market. Local organisations are seeking a comprehensive SIEM system that can cater to their diverse security and business needs. Furthermore, with the increasing prevalence of remote work, organisations are reconsidering their methods for implementing endpoint security, resulting in increased use of cloud based EPP solutions that incorporate endpoint detection and response (EDR) capabilities.
Most Urgent Cybersecurity Trends for Indian CISOs in 2024
The emergence of generative AI (GenAI) has caused one of the biggest disruptions in digital and business sectors in the last couple of years. “Through ethical, safe and secure implementation of this technology, CISOs can improve the performance of their security functions and enhance organisational resilience,” said Abhyuday Data, Director Analyst at Gartner.
While managing GenAI presents inevitable challenges, there are also external factors to consider, such as regulatory concerns and the rapid adoption of cloud computing.
To effectively handle the combined impact of these forces and enhance their organisation’s cybersecurity program in 2024, CISOs in India must prioritise two top cybersecurity trends:
- GenAI Transforming the Cybersecurity Market: GenAI introduces new attack surfaces requiring changes to application and data security practices and user monitoring. Gartner predicts that by 2025, GenAI will cause a spike in the cybersecurity resources required to secure it, causing more than a 15% incremental spend on application and data security.
Gartner analysts said organisations should conduct proof of concepts before incorporating GenAI into their cybersecurity programs, beginning with application security and security operations. A policy for overseeing the introduction of GenAI-based products into the organisation must also be established, to ensure that all internal teams using this technology understand and adhere to a set of unified policies.
- Bridging the Communications Gap with Cybersecurity Outcome-Driven Metrics: Outcome driven metrics (ODMs) are central to creating a defensible cybersecurity investment strategy. They provide a credible and defensible expression of risk appetite that supports direct investment.
“ODMs enable SRM leaders to convey the value of cybersecurity investment beyond the importance of regulatory compliance,” said Data. “Organisations seeking an approach to measure cybersecurity value that resonates with executives and supports practical investment decisions must adopt ODMs.”