James Henderson

Battle lines drawn as Australian channel fights for security services dollar

Against the backdrop of increased end-user spending on security and risk management in Australia, ecosystem battle lines are being drawn as the channel competes for an expanding services budget.

This is a local market projected to invest approximately AU$7.74 billion on strengthening corporate protection levels in 2024, representing double-digit growth of 11.5% compared to 2023.

Notably, security services is now viewed as “by far the largest category” of security spending and is expected to represent almost half of overall budgets nationwide.

According to Gartner research – citing a combination of local and global figures – that equates to a total addressable market of roughly AU$3.24 billion on security services in Australia during the next 12 months.

This is based on an assumption by Gartner that security services will represent 42% of total security and risk management end-user spending worldwide in 2024.

“In light of cyber risks increasing, cyber threats proliferating and a changing operating environment, it is more critical than ever for organisations to build and optimise a cyber security program,” said Shailendra Upadhyay, Senior Research Principal at Gartner.

“It is the cornerstone of cyber security initiatives which help security leaders secure new environments, protect against the expanded attack surface, consume security capabilities in new ways and create better efficiencies through automation.”

Gartner

Of note to the ecosystem, the security services market can best be segmented into:

  • Consulting
  • IT Outsourcing
  • Implementation
  • Hardware Support

Within that breakdown, channel partners are assessing which segment will generate the highest return on investment given the escalating costs of building a dedicated cyber security practice.

The Australian market is already overflowing with managed service providers (MSP) delivering either end-to-end or product specific offerings, most of which are seeking a bridge into security.

Waiting for them on the other side is a rising number of managed security service providers (MSSP) however, going to market through strategic acquisition – such as Tesserent, CyberCX or Sekuro – or as a result of increased in-house investment.

This is in addition to the continued and established presence of consulting giants and global system integrators (GSIs) – each with dedicated cyber advisory practices – plus the emergence of insurance and analyst firms operating on the peripheral.

Collectively, this is a crowded ecosystem fighting for every dollar spent on security in Australia.

When slicing up the security services pie however, some areas appear more lucrative than others. As noted by Gartner, the compound annual growth rate (CAGR) of each segment until 2027 is expected to be:

  1. Consulting: 12.8%
  2. IT Outsourcing: 8%
  3. Implementation: 6.4%
  4. Hardware Support: 5.6%

Translated into dollar spending – calculated and reported in USD based on worldwide data – this can be interpreted as:

Consulting:

Defined by Gartner as the bundle of “expert-driven” consulting services directed at assisting enterprises to “identify, manage and mitigate” IT and enterprise compliance risk. This specifically focuses on risk and compliance advisory services directly affecting or influencing IT.

Projected global spending (in USD):

  • 2024: $40.2 billion
  • 2025: $45.5 billion
  • 2026: $50.5 billion
  • 2027: $54.8 billion
  • CAGR (2022-2027): 12.8%

IT Outsourcing:

Considered as the use of external service providers to effectively deliver IT-enabled business process, application service and infrastructure solutions for business outcomes. According to Gartner, this approach can enable enterprises to reduce costs, accelerate time to market and take advantage of external expertise, assets and/or intellectual property.

Projected global spending (in USD):

  • 2024: $26.4 billion
  • 2025: $28.5 billion
  • 2026: $30.8 billion
  • 2027: $33.2 billion
  • CAGR (2022-2027): 8%

Implementation:

This specifically refers to the installation of new hardware or software systems or applications in the context of cyber security. In some cases this could extend to the creation of complex systems that may include designing or building a customised architecture or application, as well as integrating it with new or existing hardware, packaged and custom software and communications.

Projected global spending (in USD):

  • 2024: $21.4 billion
  • 2025: $22.8 billion
  • 2026: $24.3 billion
  • 2027: $25.9 billion
  • CAGR (2022-2027): 6.4%

Hardware Support:

According to Gartner, these are preventive and remedial services that physically repair or optimise hardware, including basic installation, contract maintenance and per-incident repair – both on-site and at a centralised repair depot. Hardware support also includes telephone technical troubleshooting and assistance for set-up and all fee-based hardware warranty upgrades.

Projected global spending (in USD):

  • 2024: $1.8 billion
  • 2025: $1.9 billion
  • 2026: $2 billion
  • 2027: $2.1 billion
  • CAGR (2022-2027): 5.6%

As explained by Upadhyay, the security consulting services market grew due to stringent regulatory and compliance mandates, alongside high spending by the government sector and heightened demand for tailored and vertical-specific solutions. Additional factors also include an evolving threat landscape and ongoing digital transformation initiatives.

According to Gartner findings – published via Forecast Analysis: Information Security and Risk Management, Worldwide – many top security consulting firms showed higher-than-average growth during the past 12-24 months.

“However, the forecast signals moderate growth longer term due to market uncertainty,” Upadhyay clarified.

Specific to IT outsourcing, managed security services growth is forecast to be accelerated by the continued adoption of managed detection and response (MDR) solutions.

“Some providers are exhibiting declines due to divestitures and a shift in security device management services,” Upadhyay added. “There are many network security capabilities that have moved to the cloud, such as secure web gateway [SWG] and zero trust network access [ZTNA].”

Furthermore, Upadhyay said many vendors and partners are also converging toward security service edge (SSE) offerings with such capabilities delivered as-a-service.

“End-users favour cloud-delivered security services as part of the overall digital transformation,” he advised. “This trend diminishes the need for security device management services and also impacts implementation and hardware support services.”

Market forces drive security spending growth

More broadly speaking, worldwide end-user spending on security and risk management is projected to total $215 billion in 2024.

According to Gartner, this represents an increase of 14.3% from 2023, which is estimated to reach $188.1 billion.

“The continuous adoption of cloud, continuous hybrid workforce, rapid emergence and use of generative AI and the evolving regulatory environment are forcing security and risk management leaders to enhance their security and risk management spending,” Upadhyay said.

Spending on data privacy and cloud security are projected to record the highest growth rates in 2024, with each segment increasing more than 24% year-over-year.

Meanwhile, privacy remains a top organisational priority as regulations that impact the processing of personal data continue to emerge, including those related to the use of AI.

Gartner predicts that by 2025, 75% of the world’s population will have its personal data covered by modern privacy regulations.

“At the same time, leaders are focusing their efforts by adopting technical security capabilities that provide far greater visibility and responsiveness across the organisation’s entire digital ecosystem and restructuring the way the security function operates to enable agility without compromising security,” Upadhyay added.

Gartner

According to Gartner, the continued growth in public cloud services will bolster spending on cloud security tools.

In the cloud security segment, the combined spending on cloud access security brokers software (CASB) and cloud workload protection platforms (CWPP) is projected to total $7 billion in 2024, up 24.7% from 2023.

Demand for cloud-based detection and response solutions – such as endpoint detection and response (EDR) and managed detection and response (MDR) – is also expected to increase in 2024.

SIGN UP FOR INSIGHTS VIA MOXIE MAIL

Inform your opinion with executive guidance, in-depth analysis and business commentary.