End-user spending on security and risk management in India is forecast to total $3 billion in 2024, an increase of 13.6% from 2023, according to new forecast from Gartner, Inc. In 2023, end-user spending on security and risk management in India is estimated to reach $2.7 billion.
Indian organizations are facing increased security exposure due to amplified digital transformation, cloud migration, and remote/hybrid work. This will continue to drive security spending in India through 2023 and early 2024.
“In 2024, Indian chief information security officers (CISOs) will prioritize their spending on security and risk management to comply with strict government measures for security breach reporting and digital data protection,” said Shailendra Upadhyay, Sr Principal, Research at Gartner. “Subsequently, local organizations will need to implement more sophisticated security solutions, such as identity access management and cloud security.”
Cloud Security Spending Takes Priority for Indian CISOs in 2024
End-user spending on security services in India will continue to be highest in 2023, as organizations rely on external security services due to their struggle with internal resources and capabilities. However, in 2024, end-user spending on cloud security is projected to record the highest growth at 28.9% (see Table 1).
Table 1. Security and Risk Management End-User Spending for All Segments in India, 2022-2024 (Millions of U.S. Dollars)
Segment |
2022 Spending | 2022 Growth (%) | 2023 Spending | 2023 Growth (%) | 2024 Spending | 2024 Growth (%) |
Application Security | 48.8 | 15.6 | 51.6 | 5.7 | 58.1 | 12.6 |
Cloud Security | 75.6 | 43.4 | 94.7 | 25.3 | 122.1 | 28.9 |
Consumer Security Software | 102.7 | 10.2 | 103.3 | 0.6 | 107.2 | 3.8 |
Data Privacy | 15.3 | 9.3 | 17.1 | 11.8 | 20.8 | 21.6 |
Data Security | 33.7 | 17.0 | 38.6 | 14.5 | 44.2 | 14.5 |
Identity Access Management | 201.5 | 10.2 | 219.4 | 8.9 | 244.2 | 11.3 |
Infrastructure Protection | 318.1 | 27.0 | 372.0 | 17.0 | 442.5 | 19.0 |
Integrated Risk Management | 136.9 | 25.8 | 166.5 | 21.6 | 210.1 | 26.2 |
Network Security Equipment | 343.4 | 10.6 | 373.8 | 8.8 | 439.1 | 17.5 |
Security Services | 1,098.3 | 5.0 | 1,155.5 | 5.2 | 1262.8 | 9.3 |
Others | 86.3 | 47.0 | 117.8 | 36.5 | 127.8 | 8.5 |
Total | 2,460.6 | 12.5 | 2,710.2 | 10.1 | 3,078.9 | 13.6 |
Source: Gartner (September 2023)
“Organizations in India are shifting their focus to cloud security spending because increased adoption of software as a service (SaaS) needs investment in cloud access security broker (CASB) which provides security controls to enable the safe use of SaaS applications,” said Upadhyay. “In addition, cloud workload protection platforms (CWPPs) investments are required to address protection requirements in diverse cloud-native workloads in hybrid and multi-cloud environments.”
End-user spending on integrated risk management (IRM) in India is also expected to increase significantly in 2024, growing 26.2%. The role that IRM can play in supporting organizations’ initiatives to improve timeliness and quality of risk analysis will boost IRM spending, particularly through 2024.
Data privacy spending is forecast to grow in double digits in 2024 because personal data collected digitally will continue to expand and it will be supplemented by the new data protection bill, making local organizations spend more on data privacy.
Focus Areas for CISOs in India
Cyberattacks remain a pressing concern for local organizations and CISOs must continue to take proactive measures to safeguard critical applications against potential breaches. Simultaneously, protecting valuable on-premises and cloud data from unauthorized access or compromise should be at the forefront of every cybersecurity leader’s strategic decision locally.
Further, identity-related attacks have emerged as one of the leading causes behind security breaches within India’s digital landscape. This is leaving Indian organizations exposed and coping with severe consequences. “It is imperative for Indian CISOs to allocate significant resources towards identity threat detection and response solutions that aid in identifying any abnormal activities originating from trusted accounts,” said Upadhyay.