Index Insider: Enterprise security spend rising as ransomware attacks surge

Share: Print
Hello. This is Stanton Jones with your weekly briefing on what’s important in IT and business services.
 
Though India’s COVID crisis continues, daily cases in Delhi and Bangalore have dropped over the past several days. We hope this is a trend that holds. IT services delivered from the subcontinent continue to hold steady as providers begin to shift some work from India to other global delivery centers.
 
If someone forwarded you this briefing, sign up here to get the Index Insider every Friday.


CYBERSECURITY

Ransomware attacks on critical infrastructure are on the rise. Late last week, Colonial Pipeline was hit with a ransomware attack that shut down over 5,000 miles of U.S. pipeline. This section transports around 2.5 million barrels of diesel and gasoline a day, and accounts for almost half of the East Coast’s fuel supply. A few days earlier, attackers targeted Volue, a Norwegian company that provides technology to water and wastewater facilities in 44 countries. Colonial Pipeline reportedly paid a $5 million ransom – using cryptocurrency.
 
Ransomware attacks are usually focused on data exfiltration, followed with a threat to encrypt the data, and/or release it to the public unless payment is made – often in the form of cryptocurrency. Ransomware attacks are skyrocketing – up by more than 300 percent in the past year in the U.S. alone, according to the U.S. Department of Homeland Security.
 
Neither of these most recent attacks appear to be worst-case scenarios like what happened to a U.S. water utility last year when attackers took control of an industrial control system. But the implications are still enormous. In the case of Colonial Pipeline, panic-buying is leading to fuel shortages across the U.S. Eastern Seaboard. And, in the case of Volue, 200 Norwegian water municipalities were impacted.
 
While ransomware attacks can come from a number of vectors, the most frequent is phishing. Someone clicks a link, which infects their device and gives extortionists a pathway to do their work. This is why demand for security services is exploding and why enterprise dollars are flowing in this direction. As we discussed a couple weeks ago, enterprise security spending per employee increased by over 40 percent from 2019 to 2020. Security spend as a percentage of overall IT spend is increasing as well (see Data Watch).
 
Managed security services focused on SOC/SIEM operations are seeing steady demand. While these engagements tend to be smaller – between $2 and $3 million in ACV – we are seeing them grow to upwards of $5 million as enterprise buyers increasingly broaden the scope to include things like data loss prevention and identity governance.


DATA WATCH

Security spending as a percentage of IT spending 2019-2020


DEAL ACTIVITY

  • Hitachi ABB Power Grids and HCL. Energy joint venture breaks away from legacy IT organization. Link
  • Britvic and Infosys. European soft drink maker streamlining apps, cloud and workplace services. Link
  • NHS Scotland and AWS. Agency finds host for its National Digital Platform. Link
  • Hansel Ltd. and CGI. Finnish government signs framework agreement for data center services. Link
  • Vodafone and Google Cloud. Six-year agreement to create data platform; SAP hosted on GCP. Link
  • Mankind Pharma and Accenture. Indian pharmaceutical company redesigns demand and inventory planning processes. Link
  • Dolomiti Energia and Atos. Italian energy company develops app to maintain smart meters. Link
  • Orange Bank and Atos. Mobile bank signs 1,200-seat workplace services deal. Link
  • Premier League and Oracle. Football league selects its official cloud provider. Link


M&A

  • ServiceNow moves into application observability with LightstepLink
  • EPAM Systems goes on offense with Israeli cyber intelligence firm WhiteHatLink
  • Apexon adds 200 e-commerce and CX experts with AdaptyLink
  • Accenture beefs up industrial OT capabilities with Electro 80Link
  • Computacenter expands European logistics and technical services with ITLLink
  • Capgemini acquires Japanese and Southeast Asian SAP clients from MultibookLink
Share:

About the author

Stanton Jones

Stanton Jones

Stanton leads ISG's Index research, helping providers, investors and ISG clients make sense of the global IT services sector. Stanton’s weekly newsletter, the Index Insider, is read by thousands of market stakeholders each week. An ISG Digital Fellow, Stanton has been quoted in Fast Company, Forbes and CIO.com, and has appeared on national cable news.