$30.6 billion in new security spending in a single year. That is the gap between Gartner’s 2025 and 2026 information security forecasts. The total market reaches $246.2 billion in 2026, growing 12.2% in constant currency. By 2030, $353.1 billion.
I analyzed Gartner’s 1Q26 Information Security Market Current Outlook (G00846158, March 2026), the latest quarterly update to their worldwide security spending forecast. The dataset covers 11 subsegments and 41 categories across nine global regions, from 2024 through 2030. Growth rates are in constant currency. Dollar figures are in current U.S. dollars unless noted.
The forecast outlook is unchanged from 4Q25. Gartner held growth at 12.2% for 2026. But the category-level data tells a different story. Cloud Security Posture Management is growing at 33.4%. Two legacy categories are shrinking. The spread between the fastest and slowest growth rates is over 40 percentage points. That is where the budget decisions are. (For context on how the 4Q25 forecast shaped earlier spending trends, see my Top 6 cybersecurity trends from Gartner’s 2026 Security Forecast and Gartner’s $244.2B security forecast.)
The Top 10 Fastest-Growing Security Categories in 2026
Ranked by 2025–2026 constant currency growth rate. Minimum $500 million in 2025 spending to qualify.
| # | Category | 2025 | 2026 | 2030 | 2025-26 GR | 5yr CAGR |
| 1 | Cloud Security Posture Management | $4.7B | $6.3B | $16.2B | 33.4% | 27.6% |
| 2 | Threat Intelligence | $2.6B | $3.4B | $6.9B | 27.3% | 21.1% |
| 3 | Cloud Access Security Brokers | $2.3B | $3.0B | $7.1B | 27.2% | 24.3% |
| 4 | Cloud Workload Protection Platforms | $6.0B | $7.7B | $16.1B | 25.9% | 21.0% |
| 5 | Zero Trust Network Access | $2.4B | $3.0B | $6.4B | 23.0% | 20.9% |
| 6 | Consent and Preference Management | $0.8B | $1.0B | $2.0B | 22.1% | 18.6% |
| 7 | Subject Rights Request Automation | $1.3B | $1.5B | $2.3B | 16.2% | 12.3% |
| 8 | Firewall Equipment | $16.8B | $19.8B | $26.7B | 15.9% | 9.1% |
| 9 | Vulnerability Assessment | $3.5B | $4.1B | $6.4B | 15.7% | 12.0% |
| 10 | Network Detection and Response | $2.2B | $2.6B | $4.1B | 15.6% | 12.4% |
Source: Gartner Information Security Market Current Outlook, 1Q26 (G00846158), March 2026. Growth rates in constant currency. Dollar figures in current U.S. dollars.
Cloud security owns three of the top five spots
Cloud Security Posture Management, Cloud Access Security Brokers, and Cloud Workload Protection Platforms together account for $13.0 billion in 2025 spending and reach $39.3 billion by 2030. The Cloud Security subsegment overall is growing at 28.8%, the fastest of all 11 subsegments. It adds $26.3 billion in new spending over five years.
CSPM leads the entire forecast at 33.4% growth. Gartner sizes it at $4.7 billion in 2025, reaching $16.2 billion by 2030. That 27.6% five-year CAGR is the highest sustained growth rate in the dataset. The category barely existed five years ago. Now it is larger than Data Security and Privacy, Application Security, or Consumer Security Software as standalone subsegments.
Cloud Workload Protection Platforms are the second-largest category in the top 10 by absolute dollars, at $6.0 billion in 2025 growing to $16.1 billion by 2030. Together with CSPM, these two cloud categories alone will be larger than the entire Network Security Equipment subsegment is today.
Zero Trust Network Access is the fastest-growing network category
ZTNA grows at 23.0% in 2026, reaching $6.4 billion by 2030 from a $2.4 billion base. That 20.9% five-year CAGR puts it in the same growth tier as the cloud security categories. It is the only network security category in the top 10.
Compare that to traditional network categories. Intrusion Detection and Prevention Systems (IDPS) is declining at -6.3% in 2026, shrinking from $820 million to $528 million by 2030. Network Access Control is declining at -7.7%, falling from $981 million to $370 million. Every dollar IDPS and NAC lose, ZTNA picks up. (Gartner’s Top Trends in Cybersecurity for 2026 flagged agentic AI and identity governance as two of the six forces reshaping CISO strategy. Gartner’s own spending data confirms the shift: agentic AI overtakes chatbot spending by 2027, and the security implications are accelerating ahead of the spending crossover.)
Data privacy categories signal a regulatory spending wave
Consent and Preference Management (22.1% growth) and Subject Rights Request Automation (16.2% growth) are the two Data Security and Privacy categories in the top 10. Combined, they reach $4.4 billion by 2030. These are not traditional security categories. They exist because of GDPR, CCPA, and the expanding global patchwork of privacy regulation. Gartner’s forecasting 18.6% and 12.3% five-year CAGRs for compliance-driven categories tells you something about the regulatory trajectory. I did not expect two privacy categories to crack the top 10 ahead of SIEM, endpoint protection, and access management. That ranking surprised me.
Threat Intelligence and Vulnerability Assessment are the detection play
Threat Intelligence grows at 27.3%, the second-fastest rate in the top 10, reaching $6.9 billion by 2030. Vulnerability Assessment grows at 15.7%, reaching $6.4 billion. Both categories sit inside the Infrastructure Protection subsegment, which is the largest subsegment by absolute dollar growth: $27.7 billion added between 2025 and 2030 (from $36.4 billion to $64.1 billion). I tracked this same subsegment in my Q4 2024 analysis and the 3Q25 update. Infrastructure Protection has held the #1 dollar-growth position across all three quarters.
Threat Intelligence at 21.1% five-year CAGR reflects the operational shift from reactive to proactive security. CISOs are paying for intelligence before attacks, not forensics after. Investor funding reflects the same conviction. My 2025 AI security funding analysis tracked where venture capital is concentrating in these categories.
Firewall Equipment is the legacy giant that keeps growing
At $16.8 billion in 2025 spending, Firewall Equipment is larger than any other single category in the top 10 by more than double. It grows at 15.9% in 2026 and reaches $26.7 billion by 2030. The 9.1% five-year CAGR is the lowest in the top 10, but the absolute dollar addition ($9.9 billion) is the second-largest after Endpoint Protection Platforms.
Gartner made a notable upward revision to Network Security Equipment in this forecast cycle. The 1Q26 outlook added $1.7 billion to the 2026 Network Security Equipment forecast compared to 4Q25. That is the largest single category revision in the entire update, and most of that flows through firewall spending.
The subsegment view: where $30.6 billion in new spending goes
| Subsegment | 2025 | 2026 | 2030 | 2025-26 GR | 5yr CAGR |
| Cloud Security | $13.0B | $17.1B | $39.3B | 28.8% | 24.1% |
| Network Security Equipment | $23.3B | $27.2B | $38.1B | 14.8% | 9.8% |
| Infrastructure Protection | $36.4B | $42.1B | $64.1B | 14.2% | 11.5% |
| Data Security and Privacy | $6.7B | $7.8B | $12.0B | 13.9% | 11.5% |
| Application Security | $8.6B | $9.9B | $14.4B | 13.0% | 10.2% |
| Identity Access Management | $20.7B | $23.4B | $30.9B | 11.8% | 7.9% |
| Managed Security Services | $28.6B | $32.5B | $45.0B | 11.1% | 8.6% |
| Security Consulting Services | $26.7B | $29.8B | $38.5B | 9.6% | 6.8% |
| Security Professional Services | $29.8B | $33.0B | $43.2B | 8.3% | 6.8% |
| Other Security Software | $13.2B | $14.3B | $17.3B | 7.3% | 5.1% |
| Consumer Security Software | $8.6B | $9.1B | $10.3B | 3.7% | 3.3% |
Source: Gartner 1Q26 (G00846158, March 2026). Subsegments ranked by 2025-2026 constant currency growth rate.
Two categories are shrinking
Network Access Control declines 7.7% in 2026 and falls from $981 million to $370 million by 2030. Intrusion Detection and Prevention Systems declines 6.3%, shrinking from $820 million to $528 million. Both are being absorbed into broader platforms. Those dollars show up in ZTNA, SIEM, and NDR line items instead.
Five categories just outside the top 10
Identity Governance and Administration (14.7% growth), Endpoint Protection Platforms (14.5%, and the single largest category at $17.8 billion), Secure Web Gateway (14.5%), Access Management (14.5%), and Tokenization (14.1%) all narrowly missed the top 10. Endpoint Protection Platforms deserve particular attention: it adds $14.2 billion in absolute spending by 2030, the single largest dollar increase of any category in the forecast.
What changed from 4Q25
Gartner held the overall 2026 growth outlook unchanged at 12.2%. But the revision detail matters. Network Security Equipment received a $1.7 billion upward revision for 2026 and $2.0 billion for 2029, the largest positive revision in the forecast. Total net revisions added $2.0 billion to the 2026 outlook and $2.6 billion to 2029 across all categories. Gartner’s near-term narrative: organizations are investing in solutions that reduce tool fragmentation, streamline expenses, and secure AI-enhanced development and increasingly complex cloud infrastructure.
What this means for CISOs
Cloud security is the procurement priority. Three of the top five fastest-growing categories are cloud-native. CSPM and CWPP alone reach $32.3 billion by 2030. If your security budget does not have a dedicated cloud security line item growing at 20%+ annually, you are falling behind the market.
Watch what happens to network budgets next. ZTNA at 23.0% growth while IDPS and NAC decline means the network security budget is restructuring, not growing uniformly. Evaluate which legacy network detection spend can be redirected to zero trust architecture.
Privacy compliance spending is accelerating. Consent management and subject rights automation are growing faster than Identity Access Management as a whole (22.1% and 16.2% vs. 11.8%). The regulatory burden is compounding. Forrester’s 2026 cybersecurity budget data shows the same pattern from the buyer side.
Put threat intelligence in front of your board. At 27.3% growth, this is a strategic capability, not a SOC tool line item. The five-year CAGR of 21.1% signals sustained enterprise commitment to proactive intelligence over reactive forensics.
The bottom line
Gartner projects $353.1 billion in worldwide information security spending by 2030. The 10 fastest-growing categories tell you where the $137 billion in new spending between 2025 and 2030 concentrates. Cloud security posture management, threat intelligence, cloud workload protection, and zero trust access are growing at 2x to 3x the market average. Two legacy categories are declining. Growth is concentrating in cloud infrastructure, proactive intelligence, and privacy compliance. Everything else is decelerating. (For my analysis of how agentic AI security startups are positioning against these spending trends, see $3.6 Billion in Crunchbase Funding and 10 Agentic AI Security Startups Reshaping 2026.)
Source: Gartner, Information Security Market Current Outlook, Worldwide, 1Q26 (G00846158), March 2026. Gartner client research. Growth rates in constant currency. Dollar figures in current U.S. dollars.