- Most companies don't invest in IT security until after a security incident
- In large companies, IT security is generally the responsibility of the management
- Growing demand for IT security solutions Future growth primarily in health, banking/finance and energy sectors
Today companies are spending more on IT security measures than in recent
years and numerous organisations have established the issue as the
responsibility of top management. Nevertheless, the majority of companies do
not make the necessary investments until after a security incident has
occurred. These were some of the findings of the survey “Trends and
Forecasts in IT Security” that was conducted ahead of the it-sa trade fair that
is set to take place in Nuremberg from 10 to 12 October. Here are the main
conclusions from the questionnaire, which was carried out for the third time
and is representative of the more than 580 exhibitors at it-sa:
IT security budgets have increased
Whereas 75 percent of exhibitors from firms with more than 250
employees are currently reporting an increase in their IT security
budget, this was the case at only 35 percent of firms with up to 50
employees. At 67 percent, mid-sized companies are almost at the
same level as larger firms.
Two-thirds of companies only react after a security incident has occurred
Although budgets are growing, the exhibitors' customers do not do
anything to defend themselves before an attack occurs, but wait
until after an IT security breach to make the necessary
investments. This was confirmed by 65 percent of exhibitors.
This reduces the proportion of exhibitors whose customers are
mostly proactive to 35 percent. In 2016 and 2015 this value was as
much as 44 and 45 percent respectively.
IT security management is a question of the company's size
Once again, there is a difference between large and small companies
when it comes to implementing IT security measures: The bigger the
company the more likely it is to pursue systematic management
of IT security.
According to the it-sa exhibitors, 70 percent of companies with a
workforce of more than 250 have a systematic IT security concept,
compared with just 37 percent of firms with up to 50 employees. In the
case of companies with between 51 and 250 employees the proportion
is 52 percent.
In many companies, IT security is a job for the company’s management
In the course of digitalisation, there are certain elements to the risk
from cyberattacks that increasingly have to be regarded as businesscritical.
For the first time, therefore, exhibitors were asked whether their
customers had established IT security as a separate area of
responsibility within company management.
Here too, the bigger the company the more frequently IT security
was embedded at the highest levels of the company. For large
companies the figure was 57 percent, for mid-sized companies 49
percent and for small firms 47 percent.
IT security sector on the upturn
The IT security industry is booming, with 53 percent of exhibitors
seeing a strong upward trend and 40 percent an upward trend. For the
second time in succession, therefore, the mood in the sector has
Since the last it-sa, turnover volumes in the IT security field have
undergone a positive development for 84 percent of exhibitors.
None of the exhibitors reported a decline in sales.
Exhibitors expect that the EU General Data Protection Regulation will have a positive impact.
The EU General Data Protection Regulation is having a noticeable
influence on the expectations of it-sa exhibitors, 82 percent of whom
think it will have a positive or very positive effect on their business
development in the coming year.
The figure for this last year was 55 percent. This shows that some of
the companies now have to initiate measures.
Health system the most important growth driver
Exhibitors at it-sa were positive about current demand across all
Production and/or industry (86 percent of respondents), computing
centres (85 percent) and the health system (83 percent) are currently
the customer groups with the largest increases in demand.
In respect of the expected trend in demand in the future, the health
system leads the field, with 59 percent of exhibitors expecting
positive momentum in this area. Banking/finance and energy
suppliers follow in the rankings with 56 and 55 percent respectively.
IT security vendors create jobs
For the third time in succession around three-quarters of the
companies exhibiting at it-sa are employing more people than in the
About the exhibitor survey “Trends and Forecasts in IT Security”
On behalf of NürnbergMesse, independent market research institute Gelszus
conducted an online survey between 8 and 25 August 2017 of 533 exhibitors
who had registered for it-sa 2017. The participation rate was 21 percent,
making the results representative of the exhibitors at it-sa 2017.
The detailed poll results are available at:
Security trade fairs at NürnbergMesse
NürnbergMesse has established and proven expertise in the security field. As
the host of events such as Enforce Tac – trade fair for law enforcement, it-sa,
it-sa Brasil and it-sa India – trade fairs for IT Security, FeuerTRUTZ – trade fair
for preventive fire protection, Perimeter Protection – trade fair for perimeter
protection, FIRE & SECURITY INDIA EXPO and U.T.SEC – Unmanned
Technologies & Security, it brings together a total of around 1,200 exhibitors
and over 30,000 visitors from around the world. For more information please
go to: www.nuernbergmesse.de/security
Contact for press and media
Thomas Philipp Haas, Lena Vogl
T +49 911 86 06-83 23
F +49 911 86 06-12 83 23
All press releases and more detailed information, video impressions and photos are available from: www.it-sa.de/en/news