As IT security spending grows, partners should see it as a “specialising” opportunity

Recent Gartner research shows a 9.5 percent growth in security spending in Australia.

As Australian organisations are slated to spend more than $7.5 billion on information security, this is an opportunity for partners to use it more than just a scaling operation.

Recent Gartner research shows security services, including consulting, professional and managed security services, remains the largest end-user spending category in Australia.

The market is forecast to reach more than $3.7 billion in 2026, an increase of 6.9 percent from 2025.

Speaking to CRN Australia, Jaideep Thyagarajan, director analyst at Gartner said the market is moving from “tool implementation” to “business resilience.”

To capture increased spend, Thyagarajan said partners must expand service portfolios to include consulting, integration, exposure management, AI-security, and managed detection/response to match buyer demand for outcomes and outsourcing.

“Developing industry/vertical expertise, especially in regulated sectors, and packaging outcome-based offerings that map to business priorities and ROI metrics is essential,” he said.

Strategically engaging resellers and MSP channels accelerates adoption, Thyagarajan noted.

“Building integration/connectors and participating in larger autonomous cyber defence systems ecosystems or agent marketplaces, while adopting standards to be orchestratable by mega vendors, is increasingly important,” he said.

“Partners should use benchmarking and business-outcome narratives to justify pricing and contracts, considering flexible contract terms given procurement scrutiny and regulatory shifts.”

To take advantage of this spending, Thyagarajan said MSPs and MSSPs must expand managed portfolios to include security measures such as MDR/MSS, XDR, SASE/SSE, vulnerability/exposure management, IAM/ZTNA, cloud-native protections, and compliance-as-a-service.

“Prioritising responsiveness, detection/response capability, and clear communication are primary drivers for buyers replacing providers,” he said.

“Investing in AI/ML-driven service delivery and SecOps workflow augmentation (SIEM-centric SOC, AI SOC agents, automation) improves SOC efficiency and addresses talent constraints.”

Revenue opportunity

According to Gartner, security services now represent over 40 percent of the information security market, Thyagarajan said this creates substantial revenue opportunities for services-led IT partners.

“The market is not just expanding but being reshaped, as enterprise buyers increasingly consolidate tooling and prioritise outcomes, demanding integrated, end-to-end services that reduce complexity and total cost of ownership,” he said.

“Boards and executives view cyber risk as a business risk, retaining external advisors and driving demand for advisory and program services.”

Midsize buyers and regulated verticals are particularly attractive, with vendors delivering end-to-end services, industry expertise, and AI security capabilities outgrowing peers.

Thyagarajan highlighted that buyer behaviour in Australia, for example, shows a preference to start from business outcomes rather than predefined solutions, increasing demand for consultative selling and outcome-aligned service packaging.

“The shift to autonomous/AI-enabled security orchestration further elevates the value of partners who can integrate heterogeneous vendor estates and supply connectors, professional services, and managed orchestration,” he added.

Propositions over spending

Thyagarajan noted that partners should lead with business-impact value propositions and measurable outcomes rather than product specs.

“Managed services should be positioned as a solution to local talent shortages, with midsize buyers increasingly outsourcing tactical security and seeking partners for ongoing operational coverage,” he said.

“When engaging Australian buyers, emphasise governance, board-level reporting, and demonstrable alignment to business risk—boards expect measurable linkage between spend and enterprise risk reduction.”

Globally, cybersecurity is now a board-level, economic, and geopolitical issue, Thyagarajan said.

“Enterprises evaluate providers on operational resilience, sovereign delivery capability, AI governance maturity, regulatory readiness, and crisis response credibility,” he said.

“Security is becoming the trust layer underpinning digital transformation, and strategic resilience partners will capture disproportionate value.”