IDC Security Market Data Reflects Economic Impact Of Cybercrime, Study Finds

A study that estimated the global cost of cybercrime at $400 billion also revealed information security market trend data from research firm IDC showing a burgeoning market for products associated with identifying threats, data protection and incident response activities.

The report, issued this week by the Center For Strategic International Studies, a Washington, D.C., think tank, estimates the global cost of cybercrime at $400 billion and projects the figure to climb substantially until public- and private-sector organizations implement stronger measures to address intellectual property theft. The study, commissioned by Intel Security (formerly McAfee), also highlighted data from Framingham, Mass.-based research giant IDC, projecting a steep rise in spending on digital forensics tools, next-generation firewalls, and identity and access management software. The increased spending on security products may be having a negative impact on the global economy, the report found.

The total addressable market for cybersecurity products and services has increased by 8.7 percent since 2011, from $53 billion to $58 billion in 2013, according to the report, which cited market statistics calculated by IDC. Business demand for cybersecurity products increased by 14.7 percent in the same period, and consumer demand increased by 10.7 percent.

The CSIS study estimates that spending could increase $10 billion annually in addition to the monetary losses from cybercrime. "As awareness of cyber risks grows, companies can better assess risk and spend more to manage, but if the problem were getting smaller, the market would be shrinking," the report found.

The figures were outlined in the report, "Net Losses – Estimating the Global Cost of Cybercrime," released by CSIS on Tuesday. It projects the global market for digital forensics growing 67 percent from $221 million in 2011 to $369 million in 2013 as companies grapple with security incidents and data loss. Meanwhile, the market for next-generation firewalls designed to detect and block malware or exploits in network traffic is showing a rise of 43 percent from $2.2 billion to $3.2 billion over the three-year period, followed by the market for security information event management systems, showing a 21.9 percent increase from $1.3 billion to $1.5 billion.

Charles Kolodgy, research vice president of security products at IDC, told CRN that the statistics in the report outline the research firm's 2013 projections. New vendor share and forecast reports will be published within the next month for most markets, he said.

The increase in forensics is surprising, but it may reflect a shift from businesses using the tools as part of incident response to a more proactive stance against attacks, said Mike Cotton, vice president of research and development at San Antonio-based Digital Defense, a firm that specializes in conducting audits on risk assessments of corporate networks. Businesses are also more aware of the surge in attacks associated with cyberespionage and intellectual property theft, Cotton told CRN.

"There's been a mindset shift of using these sorts of technologies on an ongoing basis rather than doing a deep dive once there is knowledge of an issue," Cotton said. "There's an interest in gaining a better understanding of how attacks are taking place to ensure that the infected machine didn't have relationships or credentials to critical systems or other machines."

Larger organizations with deeper budgets layer a variety of networking and endpoint security technologies into SIEM systems in an attempt to increase visibility and uncover suspicious activity, said Michael Knight, chief technology officer of Greenville, S.C.-based Encore Technology Group. Knight said the belief at some organizations is to use best-of-breed products and a variety of detection measures over standardizing on any vendor's product line.

"Generally speaking, if you are proactively reviewing logs on a consistent basis and monitoring user access closely, you can greatly reduce the risk of a serious security incident," Knight said. "You may not catch it on day zero but you should be able to see it quickly."

The identity and access management market also is projected to increase 20.9 percent from $4 billion to $4.8 billion since 2011. The growth may indicate interest in better and less complicated ways to control access to sensitive systems and user provisioning in order to remove employees who no longer require access to company resources, Knight said. Companies want to keep an ongoing record of access to systems and services and monitor user behaviors to spot suspicious activity, he said.

While the IDC data may paint a rosy picture for solution providers with strong information security practices, the spending is having a negative impact on innovation and job growth, two factors that are essential to a healthy economy, according to the CSIS study. Businesses are shifting money away from research and development activities and the hiring of skilled employees, according to the study, which cited an estimate from the International Trade Administration that losses from cybercrime could cost as many as 200,000 American jobs, a decrease of roughly a third of 1 percent in employment for the U.S. The recovery costs following a breach are showing no sign of declining despite the heavy investment in cybersecurity, according to the report.

While the market for security products is hot, investment in cybersecurity doesn't typically happen until a company is severely impacted by a security incident, said Robert McMillen, president of Portland, Ore.-based reseller All Tech 1. Criminals have consistently proven the effectiveness of standard, age-old attack techniques using stolen passwords, exploiting vulnerabilities and configuration weaknesses, McMillen said.

"It's a situation where after the accident is over, then you get the airbags," McMillen said. "It's an issue that requires more awareness and education on the part of solution providers."