Spending on information security products is expected to increase by 11.3% in 2023, driven in part by a rise of remote and hybrid work, according to a new report by Gartner. (Photo by Hu Chengwei/Getty Images)

Gartner last week estimated that spending on information security and risk management products and services will grow 11.3% in 2023, reaching more than $188.3 billion.

Cloud security will have the strongest growth over the next two years. Companies are also focusing on environmental, social and governance (ESG), as well as third-party, cybersecurity and privacy risk.

Based on its findings, Gartner identified three factors influencing growth in security spending: the increase in remote and hybrid work, the transition from VPNs to zero-trust network access, and the shift to cloud-based delivery models.

“The modern CISO needs to focus on an expanding attack surface created by digital transformation initiatives such as cloud adoption, IT/OT-IoT convergence, remote work, and third-party infrastructure integration,” said Ruggero Contu, senior director analyst at Gartner. “Demand for technologies and services such as cloud security, application security, zero-trust network access, and threat intelligence has been rising to tackle new vulnerabilities and risks arising from this exposure.”

Attackers understand that remote and hybrid environments are here to stay, said Adam Gavish, co-founder and CEO at DoControl. Gavish said it's important for security teams to maintain a “think like an attacker mindset,” as there’s an entirely new threat landscape that attackers are looking to exploit.

“We’ve seen this in ransomware attacks, where SaaS and web applications are now targeted as a means to gain direct access to a company's most critical data stores,” Gavish said. “As remote working environments evolve, so do the security risks. Finding the right combination of tools and technologies is paramount to mitigate both the short- and long-term risks.    

John Yun, vice president, product strategy at ColorTokens, added that despite the uncertainty in today’s global economy, organizations are not slowing down their innovation and cybersecurity investments. Companies are putting a lot of money and resources behind initiatives such as zero-trust and microsegmentation to fight modern cyber threats, said Yun.

“When you couple the accelerated pace of innovations with the new modern security concepts and products, the need for spending in these areas shows no sign of slowing down,” said Yun.