Australia's spending on information security and risk management is anticipated to surge by 11.5% in 2024, exceeding AUD $7.3 billion, according to the newest forecasts from Gartner, a leading research and advisory company worldwide. The prediction indicates a significant change from the previous year, with the most considerable growth expected in cloud security, predicted to leap 26.9% within the same year.

The forecasts were unfurled during the Gartner Security & Risk Management Summit, taking place in Sydney. Perth-based Gartner expert Richard Addiscott, while discussing these findings during the summit, called attention towards increasing cybersecurity-related concerns within Australian organisations. The impetus, he suggested, is the rise in highly publicised cyberattacks in Australia and the growing regulatory obligations. Addiscott said, "Recent highly publicised cyberattacks in Australia, coupled with increasing regulatory obligations, are keeping security and risk top of mind for Australian organisations this year."

Addiscott also touched on the significance of emerging generative AI (GenAI)-enabled technologies and how their security should be a priority for organisations. "As the frequency and negative impact of cybersecurity incidents continues to rise, every organisation is worried about a potential fallout, and industry regulators are increasingly pushing for improved competence," he explained.

The forecasts from Gartner were backed by a recent global survey of over 2,400 CIOs and technology executives, including 87 from Australia and New Zealand. The survey showed that 87% of respondents from Australia and New Zealand expect cybersecurity to be the area with the largest increase in technology investment in 2024, a considerable jump from 62% in 2023.

In Australia, security services are projected to maintain the largest spending segment, predicted to reach almost AUD $4.3 billion in 2024, a 9.6% increase from 2023. These services include consulting, hardware support implementation, and outsourcing services, underscoring how crucial security service providers are in assisting Australian organisations navigate the terrain of emerging cybersecurity challenges.

Another focal point at the Gartner Summit was GenAI's role in introducing new attack surfaces that require robust security practices. Addiscott observed that GenAI will trigger a surge in the cybersecurity resources required to secure it, causing over a 15% additional spend on application and data security by 2025.

He further explained that despite the advantages offered by GenAI models, users must also deal with unique risks, necessitating new security practices focused on data protection, AI application security, and content anomaly detection. He remarked, "These new attack surfaces will drive security departments to spend time and money implementing GenAI security and risk management controls."

Gartner foresees GenAI spending being primarily integrated into enterprises through existing IT spending on software, hardware and services in the long term. "It’s reasonable to suggest we’ll see similar patterns when it comes to security spending as the security capabilities continue to evolve," added Addiscott.