End-user spending on security and risk management (SRM) in India is forecast to total $2.9 billion in 2024, an increase of 12.4% from 2023, according to a new forecast from Gartner, Inc.

Indian organizations will continue to increase their security spending through 2024 due to legacy IT modernization using cloud technology, industry demand for digital platforms, updated regulatory environment, and continuous remote/hybrid work.

“In 2024, chief information and security officers (CISOs) in India will prioritize their spending on SRM to improve organizational resilience and compliance,” said Shailendra Upadhyay, Sr Principal at Gartner. “With the introduction of stringent government measures mandating security breach reporting and digital data protection, CISOs are facing heightened responsibility in safeguarding critical assets against evolving cyber threats.”

Gartner analysts are discussing strategies to enhance business resilience by improving threat and exposure visibility, response planning, and risk prioritization at the Gartner Security & Risk Management Summit, taking place in Mumbai through today.

In 2024, cloud security spending in India is projected to record the highest growth (see Table 1). The adoption of cloud and multi-cloud presents security challenges, causing an increased focus on cloud security by Indian organizations.

Table 1. Security and Risk Management End-User Spending for All Segments in India, 2023-2024 (Millions of U.S. Dollars)

 

Segment

2023 Spending 2023

Growth (%)

2024 Spending 2024

Growth (%)

Application Security 49 9.3 56 15.1
Cloud Security 94 24.8 121 28.0
Consumer Security Software 103 0.2 106 2.6
Data Privacy 14 11.1 17 20.2
Data Security 35 13.8 40 12.9
Identity Access Management 203 8.8 224 10.5
Infrastructure Protection 370 17.4 446 20.4
Integrated Risk Management 140 21.2 175 24.8
Network Security Equipment 360 6.0 407 13.1
Security Services 1,151 4.8 1,245 8.1
Others 99 35.9 108 8.4
Total 2,620 9.4 2,944 12.4

Source: Gartner (February 2024)

“The utilization of multiple software as a service (SaaS) and infrastructure as a service (IaaS) cloud providers, along with accessing cloud from homes and other unmanaged locations due to hybrid work arrangements, has further emphasized the necessity for security controls, leading to an increase in cloud security spending,” said Upadhyay.

Spending on infrastructure protection is projected to grow 20.4% in 2024. This is fueled by the expansion of both the endpoint protection platform (EPP) and security information and event management (SIEM) markets, which make up the majority of the infrastructure protection market. Local organizations are seeking a comprehensive SIEM system that can cater to their diverse security and business needs. Furthermore, with the increasing prevalence of remote work, organizations are reconsidering their methods for implementing endpoint security, resulting in increased use of cloud based EPP solutions that incorporate endpoint detection and response (EDR) capabilities.

Most Urgent Cybersecurity Trends for Indian CISOs in 2024

The emergence of generative AI (GenAI) has caused one of the biggest disruptions in digital and business sectors in the last couple of years. “Through ethical, safe and secure implementation of this technology, CISOs can improve the performance of their security functions and enhance organizational resilience,” said Abhyuday Data, Director Analyst at Gartner.

While managing GenAI presents inevitable challenges, there are also external factors to consider, such as regulatory concerns and the rapid adoption of cloud computing.

To effectively handle the combined impact of these forces and enhance their organization’s cybersecurity program in 2024, CISOs in India must prioritize two top cybersecurity trends:

  • GenAI Transforming the Cybersecurity Market: GenAI introduces new attack surfaces requiring  changes to application and data security practices and user monitoring. Gartner predicts that by 2025, GenAI will cause a spike in the cybersecurity resources required to secure it, causing more than a 15% incremental spend on application and data security.

Gartner analysts said organizations should conduct proof of concepts before incorporating GenAI into their cybersecurity programs, beginning with application security and security operations. A policy for overseeing the introduction of GenAI-based products into the organization must also be established, to ensure that all internal teams using this technology understand and adhere to a set of unified policies.

  • Bridging the Communications Gap with Cybersecurity Outcome-Driven Metrics: Outcome driven metrics (ODMs) are central to creating a defensible cybersecurity investment strategy. They provide a credible and defensible expression of risk appetite that supports direct investment.

“ODMs enable SRM leaders to convey the value of cybersecurity investment beyond the importance of regulatory compliance,” said Data. “Organizations seeking an approach to measure cybersecurity value that resonates with executives and supports practical investment decisions must adopt ODMs.”