Gartner recently released its global information security spending forecast and concluded that security products and services investment will reach $83.4 billion by the end of 2017 (a 7% increase over 2016). The firm also is predicting spending to reach $93 billion in 2018, a 12% increase over this year’s record investment.

According to Gartner:

“Security services will continue to be the fastest growing segment, especially IT outsourcing, consulting and implementation services… hardware support services will see growth slowing, due to the adoption of virtual appliances, public cloud and software as a service (SaaS) editions of security solutions, which reduces the need for attached hardware support overall.”

Gartner cites “rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape” as driving forces behind today’s enterprise security spending spree.

Are we surprised? Not Really.

We’ve been on this trajectory for several years. Growing awareness in the C-suite, inadequate investment in legacy solutions and a tsunami of innovation within and adoption of emerging security solutions – including next generation firewalls and endpoint protection, malware analysis tools, artificial intelligence and predictive analytics – have all contributed to this unprecedented security tech spending cycle.

But as CISSPs and all (ISC)² members know, technology is only part of the issue. The latest technology will only take your security so far without the expertise to effectively design, implement and manage your cybersecurity strategy.

Gartner Principal Research Analyst Sid Deshpande says, “improving security is not just about spending on new technologies…doing the basics right has never been more important. Organizations can improve their security posture significantly just by addressing basic security and risk related hygiene elements like threat centric vulnerability management, centralized log management, internal network segmentation, backups and system hardening…"

To us, that highlights the need for enterprises to also invest in the people who can put best practices and frameworks in place to ensure organizations maximize their technology investments. Simply checking a box by inserting a new appliance in the rack or subscribing to the latest “unknown threat detector” and crossing your fingers and hoping for the best isn’t a strategy.

While Gartner does point to increased spending on human elements like outsourced services and consulting, including trends with MSSPs, the spending forecast underscores the mistake many enterprises make in that they focus on tech before people. Our core cybersecurity challenge is that enterprises lack enough fully equipped professionals to not only effectively combat today’s cyber threats, but to ensure all those billions spent aren’t wasted.

What do you think? Does your organization put enough focus on the people side of security? If your organization spent as much on tech as it did on people next year, how would your security posture change? Let us know your thoughts.