The latest forecast from Gartner Inc. says worldwide information security spending will grow 7 percent to reach $86.4 billion (USD) in 2017 and will climb to $93 billion next year.

Gartner’s forecast concentrates on corporate IT and includes categories such as IT security outsourcing, managed security services, consulting and implementation, infrastructure protection, application security testing, data loss prevention (DLP), endpoint protection, security information and event management (SIEM), secure email and web gateways, identity governance and administration, web access management, and other IAM.

Lawrence Pingree, research vice president, Technology and Service Providers – Security Technologies at Gartner, said in an email exchange that the forecast includes all end-user spending, both by enterprises and by consumers.

The consumer security subsegment of the market covered by the Gartner forecast includes stand-alone suites of endpoint security products, including antivirus, anti-spyware, personal firewalls and host-based intrusion prevention systems (HIPSs), parental control, fraud detection, and mobile security — plus desktop and subscription antivirus sold or rented to the small office/home office segment and consumers.

Information security is a subset of the broader cybersecurity market, which is predicted to exceed $1 trillion in cumulative spending over the next five years, from 2017 to 2021, according to Cybersecurity Ventures.

Cybersecurity includes IT security, consumer security products such as biometrics and personal malware protection, medical device security, IoT and embedded systems security, Industrial Control Systems (ICS) and Industrial Internet of Things (IIoT) security, automotive cybersecurity, aviation cybersecurity, military cyber defense technology, and others that don’t fall under the traditional IT umbrella.

The Gartner forecast doesn’t cover IoT security and ICS security, said Contu Ruggero, a research director based in Italy, and chair of the Gartner India Security and Risk Summit, in an email exchange.

IoT security and ICS security are fast-growing markets. Together, those two security sectors alone are estimated to be worth upwards of $43 billion annually by 2022, according to one market research firm. Taken as a whole, Cybersecurity Ventures anticipates 12-15 percent year-over-year cybersecurity market growth through 2021.

What’s driving the spending?

Within the information security sector, Gartner points to growing board-level involvement and compliance mandates as spending drivers.

“Rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape have led to continued spending on security products and services,” said Sid Deshpande, a principal research analyst at Gartner out of Singapore.

Battening down the IT hatches does not necessarily mean spending more money on IT security products and services.

“Organizations can improve their security posture significantly just by addressing basic security and risk-related hygiene elements such as threat-centric vulnerability management, centralized log management, internal network segmentation, backups and system hardening,” said Deshpande, previously a Gartner senior research analyst in Bangalore, India, for more than seven years.

Security services will continue to be the fastest-growing segment, especially IT outsourcing, consulting and implementation services, according to Gartner.

The cybersecurity workforce shortage is forcing IT shops to look for third-party help. There will be 3.5 million unfilled cybersecurity jobs globally by 2021, up from a Cisco forecast of 1 million openings in 2014.

Cyber crime costs continue to drive demand for cybersecurity products and services. The world will suffer $6 trillion in cyber crime damages annually by 2021, up from $3 trillion in 2015, according to Cybersecurity Ventures.