Is The Security Spending Party Over?
The security industry in recent years has experienced rapid double-digit growth and skyrocketing demand for a growing array of solutions.
However, some analysts are predicting that the party might be coming to an end in 2016, or at least starting to slow down.
"This is the first time I've ever had to deliver bad news," said Jane Wright, senior analyst covering security at Technology Business Research. "This is the first year of bad news in a long time."
[Related: FireEye CEO Confident Transformation To Platform Player Will Pay Off In 2016]
A Technology Business Research report, released earlier this week, predicted that security spending will grow 10.7 percent in 2016, down from a growth rate of 11.3 percent in 2015 and 12 percent in 2014. Wright said the slowdown is being driven by concern over the upcoming U.S. presidential election, a slowing China economy and European Union regulatory challenges.
Wright said some customers interviewed by Technology Business Research also cited what some are calling "breach fatigue" as a reason behind lower security spending. Year after year of mega breaches have caused massive jumps in reactionary security spending, Wright said companies are now saying, "There's not much more I can do."
A security slowdown in 2016 has been a hot topic of discussion in recent week and months, coming up on multiple year-end earnings calls. The consensus seems to be that CEOs are still optimistic about the opportunities that 2016 presents for security spending, but that they are expecting to see it normalize throughout the year.
"One way to think about it is there has been a lot of change in organizations. … If you look at the last couple of years, perhaps there was buying a lot of firewalls and people catching up, so to speak. As you look forward, it becomes more strategic," Fortinet CEO Ken Xie said on the company's fourth-quarter earnings call in January.
In an interview with CRN this month, FireEye CEO Dave DeWalt said he doesn't expect security spending to decline but he also doesn't expect it to explode. He said he predicts spending will be "incremental but it won't be a bubble" in 2016, calling the environment "normalized" on the company's fourth-quarter earnings call Thursday.
"We had what I call the 'Cyberbreach Era' – it was this awakening era in the last three or four years where the epiphanies of the problem were real. … All of this emergency spending just spiked the security budgets. I think you’ll see more normalized security spending for a while because I think the fear factor, while still high, isn’t in crisis mode," DeWalt said. "Right now, it looks like people feel like they’ve spent a lot of money on security and want the problem fixed. They are telling the CISOs to go operationalize what they’ve bought in the past few years."
CybeArk CEO Udi Mokady and Check Point Software Technologies CEO Gil Shwed also mentioned similar trends on their company's respective recent earnings calls.
However, some solution providers, who serve smaller markets, are saying that they expect security spending to significantly rise in 2016. Matt Johnson, CEO of Millersville Md.-based Phalanx Secure Solutions, said he expects his SMB customer base to ramp up its spending in the coming year as they work to secure their infrastructure as enterprises have in years past.
"I think what's going to happen is that bigger companies will spend less, so overall spending will go down, but small to medium companies will probably spend more," Johnson said.
As a result, Johnson said he expects to see strong growth for his security-focused solution provider business. He expects he will see between 18 percent and 19 percent growth for 2016, but it could stretch as high as 30 to 40 percent.
Beyond 2016, Technology Business Research predicts that security spending growth will rebound, hitting 12 percent in 2017, driven by settling election and macro trends, as well as a likely uptick in threats. Wright said certain technologies will also likely prove to be exceptions to a security spending slowdown, citing security incident event management, identity and access management, and mobile security technologies as examples.
"[Customers] are not saying they're not going to spend at all, they're saying they're putting it on the back burner for six to nine months until [these trends settle down]," she Wright said. "It's not that it's falling, it's getting pent up. It's getting pent up in 2016 and then we will be sprung forward in 2017."