The report covers the business of cybersecurity, including market sizing and industry forecasts from consolidated research by IT analyst firms, emerging trends, cybercrime, employment, the federal sector, notable M&A, venture capital and more.
“We expect worldwide spending on cybersecurity products and services to eclipse $1 trillion for the five-year period from 2017 to 2021” (1) says Steve Morgan, founder and Editor-In-Chief at Cybersecurity Ventures. “IT analyst forecasts are unable to keep pace with the dramatic rise in cybercrime, the ransonware epidemic, the refocusing of malware from PCs and laptops to smartphones and mobile devices, the deployment of billions of under-protected Internet of Things (IoT) devices, the legions of hackers-for-hire, and the more sophisticated cyber-attacks launching at businesses, governments, educational institutions, and consumers globally.”
“We anticipate 12-15 percent year-over-year growth through 2021, compared to the 8-10 percent projected over the next five years by several industry analysts” adds Morgan. “It is likely that analyst firms will catch up during the second half of 2016 and update the disproportionately low share of total IT spending which security is expected to account for (over the next 5 years) in their current reports. Many corporations are hesitant to announce breaches they’ve suffered — and the amounts of their increased security budgets — for fears of reputational damage and of antagonizing cybercriminals. By 2020, we expect IT analysts covering cybersecurity will be predicting five-year spending forecasts (to 2025) at well over $1 trillion.”
“There are some corporations who have come forward with increased cybersecurity budgets” says Morgan. “J.P. Morgan Chase & Co. doubled its annual cybersecurity budget from $250 million to $500 million. Bank of America has gone on the record stating it has an unlimited budget when it comes to combating cybercrime. The U.S. government has increased its annual cybersecurity budget by 35%, going from $14 billion budgeted in 2016 to $19 billion in 2017. This is a sign of the times and there’s no end in sight. Incremental increases in cybersecurity spending are not enough. We expect businesses of all sizes and types, and governments globally, to double down on cyber protection.”
“Historic analyst reports are rooted in ‘IT security’ (servers, networking gear, data centers and IT infrastructure, PCs, laptops, tablets, and smartphones) and not fully evolved to ‘cybersecurity’ which includes non-computer devices and non-IT centric platforms and environments — which covers entire sub-markets i.e. aviation security, automotive security, IoT security, and IIoT (Industrial Internet of Things) security” continues Morgan. All of those market segments combined make up the cybersecurity market.
“Even IT security services are difficult to fully size” shares Morgan. “Tech is a cottage industry which includes tens of thousands of VARs (value-added-resellers), IT solution providers, and SIs (systems integrators) who wrap IT security services around the IT infrastructures they implement and support — but (most of) these firms don’t break out and report cybersecurity revenues as a separate bucket. Big branded tech companies with sizable professional services organizations providing cybersecurity services have yet to set up specific divisions or revenue reporting which analysts need in order to capture accurate market figures. There’s also many new players getting into cybersecurity. CPAs and attorneys who used to answer their clients’ what-if and what-now questions around data breaches — are now starting up lucrative cyber consulting divisions.”
“On the consumer side of the market, there’s also non-covered spending — for instance personal identity theft protection services, computer and mobile phone repair services specific to malware and virus removal, installation of anti-virus and malware protection software, post-breach services including data recovery and user education on best practices for personal cyber defense” says Morgan. “The consumer cybersecurity market is much bigger than just the anti-virus and malware defense apps that are purchased or come pre-installed. Much like corporations, consumers are spending time and money as a result of cyber-attacks.”
Cybersecurity Ventures predicts global annual cybercrime costs will grow from $3 trillion in 2015 to $6 trillion annually by 2021, which includes damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
“Some public cybersecurity companies have seen their stocks take a hit in the first half of 2016” says Morgan. “We don’t think that has much to do with a slowdown in cybersecurity spending. Rather, we believe there’s substantially more competition going after cyber defense business at Fortune 500, Global 2000 and mid-sized corporations, plus governments globally. IBM and Cisco have $2 billion and $1.75 billion cybersecurity businesses respectively, and both are growing steadily and making strategic acquisitions in the space. IBM Security grew by 20% in Q1 2016. Some of the larger pure-play cyber companies may not have anticipated this competition, along with many startups chewing at their heels. 2014 and 2015 saw record VC funding and corporate investments into cybersecurity companies who are taking a hard run at the market now.”
Rob Owens, Senior Research Analyst for Security and Infrastructure Software at Pacific Crest Securities, recently told Investor’s Business Daily that he sees pent-up demand for cybersecurity spending. He says companies still aren’t spending enough on security. “I think security has been an under-spend area for decades. You’re spending about 3% of your capex (capital expenditures) that’s focused on IT on security. That’s relatively low.”
“From our optics, if you define cyber as data collection, storage, security, analysis, threat intelligence, operations and dissemination, then the $1 trillion market forecast from Cybersecurity Ventures barely scratches the surface” says Jeremy King, President at Benchmark Executive Search, a boutique executive search firm focused on cyber, national, and corporate security. “Cyber will never go away as the bad guys will never stop exploiting this new medium.”
The IT Security Spending Survey — published by SANS Institute in February 2016 — states “Tracking security-related budget and cost line items to justify expenditures or document trends can be difficult because security activities cut across many business areas, including human resources, training and help desk. Most organizations fold their security budgets and spending into another cost center, whether IT (48%), general operations (19%) or compliance (4%), where security budget and cost line items are combined with other related factors. Only 23% track security budgets and costs as its own cost center.” SANS makes an astute observation which may account for the shortfall in IT spending projections by some researchers and analysts.
(1) The $1 trillion forecast is total spending for the five-year period, not an annual projection by year five. Some current IT analyst forecasts range from $500-$700 billion in cybersecurity spending over a five year period. Others offer a single last or current year, or one to two years out in cybersecurity spending at $75-120 billion (a rough estimate with those numbers would also range from $500-$700 billion).
ANALYST & MEDIA FORECASTS
Worldwide cybersecurity market grew from $3.5 billion in 2004 to $75 billion in 2015, forecasted to reach $170 billion by 2020.
In 2004, the global cybersecurity market was worth $3.5 billion — and by 2017 it will be worth $120 billion. “The cybersecurity market grew by roughly 35X over 13 years” says Morgan. “Cybersecurity is the fastest growing tech sector. While all other sectors are driven by reducing Inefficiencies and increasing productivity, cybersecurity spending is driven by cybercrime. The unprecedented cybercriminal activity we are witnessing is initiating so much cyber spending, it’s become nearly impossible for the analysts to accurately track.”
The cyber security market is estimated to grow to $170 billion (USD) annually by 2020, at a Compound Annual Growth Rate (CAGR) of 9.8 percent from 2015 to 2020, according to a report from Markets and Markets. The aerospace, defense, and intelligence vertical continues to be the largest contributor to cybersecurity solutions.
A new report from BI Intelligence — Business Insider’s research service — estimates $655 billion will be spent on cybersecurity initiatives to protect PCs, mobile devices, and Internet of Things (IoT) devices between 2015 and 2020. BI breaks down the forecasted spending as follows: $386 billion spent on securing PCs; $172 billion spent on securing IoT devices; and $113 billion spent on securing mobile devices.
A recent Morgan Stanley Blue Paper, “Cybersecurity: Rethinking Security,” examines why and how digital security could evolve in the next several years—and what these changes mean for investors.. and asserts the cybersecurity market could grow by more than four times overall IT spend.
North America and Europe are the leading cybersecurity revenue contributors, according to a report from TechSci Research. Asia-Pacific is rapidly emerging as a potential market for cyber security solution providers, driven by emerging economies such as China, India and South-East Asian countries, wherein, rising cyber espionage by foreign countries is inducing the need for safeguarding cyber space.
According to IDC, the hot areas for growth are security analytics / SIEM (10 percent); threat intelligence (10 percent +); mobile security (18 percent); and cloud security (50 percent). A Tech Republic story states the cloud security market is expected to be worth $12 billion by 2020, according to a report from Transparency Market Research.
Government spending on cybersecurity has increased at an average annual rate of 14.5% between FY 2006 and FY 2017, outpacing procurement in every other type of major government program, according to Scott Homa, Senior Vice President for Mid-Atlantic Research at Jones Lang LaSalle IP, Inc. (JLL), a financial and professional services firm specializing in commercial real estate services and investment management with 60,000 employees across 280 corporate offices worldwide.
The White House states the U.S. Government will invest over $19 billion for cybersecurity as part of the President’s Fiscal Year (FY) 2017 Budget. This represents a more than 35 percent increase from FY 2016 in overall Federal resources for cybersecurity, a necessary investment to secure our Nation in the future.
Demand for vendor-furnished information security products and services by the U.S. federal government will increase from $8.6 billion in FY 2015 to $11 billion in 2020 at a compound annual growth rate (CAGR) of 5.2 percent, according to “Deltek’s Federal Information Security Market Report” – which examines the trends and drivers shaping the federal information security marketplace and provides a forecast for the next five years. Deltek states that as federal agencies struggle to stay ahead of the cybersecurity threats, more and more of their IT spend is being devoted to cybersecurity, reaching over 10 percent of IT spend by 2020.
Million dollar plus cybersecurity deals (vendors selling to end-users) are on the rise. In a research note last year, analysts at FBR & Co., an Arlington, Va. based investment banking and M&A advisory firm, indicate that the number of seven-figure (cybersecurity) deals have increased by 40 percent year-over-year.
Stay tuned for the Cybersecurity Market Report, Q4 2016 edition, coming in October.
Steven C. Morgan, Editor-In-Chief
Steve Morgan is Founder and CEO at Cybersecurity Ventures, and Editor-In-Chief of the Cybersecurity Stock Report and the Cybersecurity 500 list of the world’s hottest and most innovative cybersecurity companies. Steve has written hundreds of cybersecurity blogs and articles which have appeared in CIO, Computerworld, CSO, Forbes, Homeland Security Today, InformationWeek / DarkReading, Infoworld, ITworld, SandHill.com, TMCnet, and others.