Indian Firms Need To Improve Their IT Security Posture: Gartner

by Swaminathan B    Aug 29, 2017


Indian companies on an average spend only around 7% of their IT budget on security at present, but owing to rising awareness on growing cyber threats, the percentage is likely to increase 0.6% every year, according to research firm Gartner. At the latest Gartner Security & Risk Management Summits 2017 taking place in Mumbai, researchers said that firms that spend diligently in security products and services, is spending around 15% of the IT budget.

Gartner also said that spending on information security products and services in India will reach $1.5 billion in 2017 in constant currency terms, an increase of 12 percent over 2016, with spending expected to grow to $1.7 billion over the next one year.

Security services will continue to be the fastest growing segment, especially IT outsourcing, consulting and implementation services. However, hardware support services will see growth slowing, due to the adoption of virtual appliances, public cloud and software as a service (SaaS), which reduces some of the need for attached hardware support overall.

According to Gartner, security and risk leaders are being asked to inform, advise and enable buisness-critical digital risk decisions. From the sale perspective, traditional approaches towards selling security rarely win in this new environment and with new competitions, people should change the approach for selling. Speaking on SIEM, Gartner feels it a new market and many companies are implementing the same.

The strong growth of security services in India is due to the widespread skills shortages and proliferation of new security initiatives that several large organizations in India are engaging in. Many Indian enterprises are in their first or second iteration of creating and maturing their security program, meaning that they have a need for a wide range of security services to help build and grow their security processes and technologies. In particular, security monitoring and detection is a hot area for investment with organizations having to choose from a variety of architecture and delivery models that security services providers are offering.

“Rising awareness amongst CEOs and boards of directors about the business impact of security incidents, and an evolving regulatory landscape, have led to continued end user spending for security products and services,” said Siddharth Deshpande, principal research analyst at Gartner.

“However, improving security maturity is not just about spending on new technologies. As witnessed in the recent spate of global security incidents, getting the basics right has never been more important. Organizations can improve their security posture significantly just by addressing basic security and risk related hygiene elements like threat centric vulnerability management, centralized log management, internal network segmentation, backups and system hardening among others.” 

In the coming months, a lot more Indian firms would be looking to improve their security posture, believes the rersearcher.