Gartner Forecasts Security and Risk Management Spending in India to Grow 12% in 2024

GenAI-Driven Attacks Require Changes to Application and Data Security Practices and User Monitoring 

End-user spending on security and risk management (SRM) in India is forecast to total $2.9 billion in 2024, an increase of 12.4% from 2023, according to a new forecast from Gartner, Inc. 

Indian organizations will continue to increase their security spending through 2024 due to legacy IT modernization using cloud technology, industry demand for digital platforms, updated regulatory environment, and continuous remote/hybrid work.

“In 2024, chief information and security officers (CISOs) in India will prioritize their spending on SRM to improve organizational resilience and compliance,” said Shailendra Upadhyay, Sr Principal at Gartner. “With the introduction of stringent government measures mandating security breach reporting and digital data protection, CISOs are facing heightened responsibility in safeguarding critical assets against evolving cyber threats.”

Gartner analysts are discussing strategies to enhance business resilience by improving threat and exposure visibility, response planning, and risk prioritization at the Gartner Security & Risk Management Summit in Mumbai through today.

In 2024, cloud security spending in India is projected to record the highest growth (see Table 1). The adoption of cloud and multi-cloud presents security challenges, causing an increased focus on cloud security by Indian organizations.

Table 1. Security and Risk Management End-User Spending for All Segments in India, 

2023-2024 (Millions of U.S. Dollars)

2023 Spending2023Growth (%)2024 Spending2024 Growth (%)
Application Security499.35615.1
Cloud Security9424.812128.0
Consumer Security Software1030.21062.6
Data Privacy1411.11720.2
Data Security3513.84012.9
Identity Access Management2038.822410.5
Infrastructure Protection37017.444620.4
Integrated Risk Management14021.217524.8
Network Security Equipment3606.040713.1
Security Services1,1514.81,2458.1
Total 2,6209.42,94412.4
Source: Gartner (February 2024)

“The utilization of multiple software as a service (SaaS) and infrastructure as a service (IaaS) cloud providers, along with accessing the cloud from homes and other unmanaged locations due to hybrid work arrangements, has further emphasized the necessity for security controls, leading to an increase in cloud security spending,” said Upadhyay.  

Spending on infrastructure protection is projected to grow 20.4% in 2024. This is fueled by the expansion of the endpoint protection platform (EPP) and security information and event management (SIEM) markets, which comprise most of the infrastructure protection market. Local organizations seek a comprehensive SIEM system catering to their diverse security and business needs. Furthermore, with the increasing prevalence of remote work, organizations are reconsidering their methods for implementing endpoint security, resulting in increased use of cloud-based EPP solutions that incorporate endpoint detection and response (EDR) capabilities.

Most Urgent Cybersecurity Trends for Indian CISOs in 2024

The emergence of generative AI (GenAI) has caused one of the biggest disruptions in digital and business sectors in the last couple of years. “Through ethical, safe, and secure implementation of this technology, CISOs can improve the performance of their security functions and enhance organizational resilience,” said Abhyuday Data, Director Analyst at Gartner. 

While managing GenAI presents inevitable challenges, there are also external factors to consider, such as regulatory concerns and the rapid adoption of cloud computing.

To effectively handle the combined impact of these forces and enhance their organization’s cybersecurity program in 2024, CISOs in India must prioritize two top cybersecurity trends:

  • GenAI Transforming the Cybersecurity Market: GenAI introduces new attack surfaces requiring application and data security practices and user monitoring changes. Gartner predicts that by 2025, GenAI will cause a spike in the cybersecurity resources needed to secure it, causing more than a 15% incremental spend on application and data security. 

Gartner analysts said organizations should conduct proof of concepts before incorporating GenAI into their cybersecurity programs, beginning with application security and security operations. A policy for overseeing the introduction of GenAI-based products into the organization must also be established to ensure that all internal teams using this technology understand and adhere to a set of unified policies.

  • Bridging the Communications Gap with Cybersecurity Outcome-Driven Metrics: Outcome-driven metrics (ODMs) are central to creating a defensible cybersecurity investment strategy. They provide a credible and defensible expression of risk appetite that supports direct investment. 

“ODMs enable SRM leaders to convey the value of cybersecurity investment beyond the importance of regulatory compliance,” said Data. “Organizations seeking an approach to measure cybersecurity value that resonates with executives and supports practical investment decisions must adopt ODMs.”

Image Source: Freepik

Share on