Quantum Threats Drive Record Enterprise Security Spending
Global IT spending is projected to hit $6.15 trillion in 2026, with a significant portion driven by enterprise security needs, according to a new report. Companies are increasing their security budgets to record highs as they accelerate AI adoption and prepare for emerging threats from quantum computing.
- The U.S. National Institute of Standards and Technology (NIST) is leading the global effort to standardize post-quantum cryptography (PQC) and released the first three finalized PQC standards in August 2024. These standards, which include ML-KEM for general encryption and ML-DSA and SLH-DSA for digital signatures, are designed to be secure against attacks from both classical and future quantum computers. - The timeline for when a quantum computer will be able to break current encryption, an event dubbed "Y2Q" or "Q-Day," is uncertain, with predictions ranging from 2030 to the mid-2030s. This threat has prompted a "harvest now, decrypt later" strategy by adversaries, who collect encrypted data now with the intent of decrypting it once quantum computers are available. - Beyond quantum threats, the rapid adoption of AI is a primary driver of increased security spending, as it expands the cyber threat landscape by enabling more sophisticated and automated attacks like phishing and deepfakes. The annual cost of cybercrime is projected to exceed $10.5 trillion by 2025. - Gartner forecasts that end-user spending on information security will reach $213 billion in 2025 and grow to $240 billion in 2026. Security software is the fastest-growing segment, driven by the move to cloud-based systems and the need for solutions like cloud security posture management. - Small and Medium-sized Enterprises (SMEs) are projected to have the highest growth rate in cybersecurity spending as they increasingly adopt end-point security solutions. The United States and Western Europe are expected to account for over 70% of global security spending in 2025. - A significant challenge in the cybersecurity industry is the persistent talent gap, which is driving more organizations to rely on external support from managed security service providers (MSSPs). Spending on security services is expected to grow from $77 billion in 2024 to $92.7 billion in 2026. - Post-quantum cryptographic algorithms often require larger key sizes than current algorithms, which creates trade-offs in computational efficiency and the size of ciphertexts or signatures. The cryptographic community is actively working on developing production-grade implementations of the new NIST standards. - The Biden administration has set a deadline of 2035 for federal agencies to mitigate the quantum threat by transitioning to post-quantum cryptography standards. This government mandate is a significant driver for the adoption of PQC in the private sector as well.
