Cybersecurity spending for critical infrastructure to pass $105 billion by 2021: ABI Research

Global spending on critical cybersecurity infrastructure is set to surpass $105 billion in 2021, according to a latest report by tech market advisory firm ABI Research.

The report found that COVID-19 has had little impact on security spending, instead it has led to increased demand for secure connectivity due to the surge in remote work. Asia Pacific is home to some of the world’s fastest growing economies, and the region is also leading the world in digital innovation and transformation.

The primary challenge of the COVID-19 pandemic has been for critical infrastructure to ensure that systems and services keep running smoothly, despite an increasingly remote workforce. As such, greater emphasis has been placed on ensuring that infrastructure operations can be securely monitored and managed remotely by authorised personnel.

“There is no denying that secure connectivity has become a key focus, not least with the revelations late last year of the SolarWinds Orion hack, which has brought into sharp focus the need for better vetting of services offered by third party contractors and remote update processes,”

“The scale of the intrusion clearly illustrates how vulnerable systems can be when they have weak links, and how easily threat actors can infiltrate and escalate privileges once access has been gained. The implications for national security are significant, and critical infrastructure operators and governments worldwide are now re-evaluating and re-assessing the risks as they relate to remote management,” said Michela Menting, Digital Security Research Director at ABI Research.

 

The brunt of security spending is still first and foremost focused on IT networks, systems, and data security from a defensive perspective.

“This is where the primary threats are focused, and operators are keenly aware of the potential ramifications of a breach there. However, increasing efforts are being placed on offensive security investments to better prepare response mechanisms, as well as securing operational technologies as operators in many sectors go through digital transformation and start evolving toward smart and connected IoT infrastructures,” Menting explained.

Progress is nonetheless slow, as many sectors are bound by regulations which can make it difficult to change quickly. In addition, new security processes require time for testing and validation before being greenlit for use, ensuring they don’t compromise the integrity or proper functioning of existing processes.

The report also found that spending is heavy in industries such as defence, financial services, and ICT. This is because governments and critical infrastructure operators are aware of the potential national security implications of cybersecurity breaches.

Spending on energy, water, and waste management still lags behind in comparison. As governments continue to pursue smart city developments and digital transformation efforts, the underlying risks in sectors will become more apparent and should be addressed more robustly in the near future.

“By and large, security spending in critical infrastructures is wide and varied, and diverges significantly among regions due to policy and regulation but is overall embracing cybersecurity much more holistically as connectivity and digitization continue to play increasing roles in everyday operations,” Menting concluded.

The spending has also been made as a result of increased IT downtime during COVID-19, faced by companies. According to a LogicMonitor survey, almost half of the enterprises in the Asia Pacific region have experienced an increase in IT downtime during the COVID-19 pandemic.