CYBERSECURITY MARKET REPORT
FROM THE EDITORS AT CYBERSECURITY VENTURES
The Cybersecurity Market Report is published quarterly by Cybersecurity Ventures. We cover the business of cybersecurity, including market sizing and industry forecasts from consolidated research by IT analyst firms, emerging trends, employment, the federal sector, hot companies on the Cybersecurity 500 list, notable M&A, investment and IPO activity, and more.
MARKET SIZING & PROJECTIONS
The worldwide cybersecurity market is defined by market sizing estimates that range from $75 billion in 2015 to $170 billion by 2020.
- Market research firm Gartner says global spending on IT security is set to increase 4.7 percent in 2015 to $75.4 billion, and the world will spend $101 billion on information security in 2018.
- The cyber security market is estimated to grow to $170 billion (USD) by 2020, at a Compound Annual Growth Rate (CAGR) of 9.8 percent from 2015 to 2020, according to a report from Markets and Markets. The aerospace, defense, and intelligence vertical continues to be the largest contributor to cybersecurity solutions.
- North America and Europe are the leading cybersecurity revenue contributors, according to a report from TechSci Research. Asia-Pacific is rapidly emerging as a potential market for cyber security solution providers, driven by emerging economies such as China, India and South-East Asian countries, wherein, rising cyber espionage by foreign countries is inducing the need for safeguarding cyber space.
- According to IDC, the hot areas for growth are security analytics / SIEM (10 percent); threat intelligence (10 percent +); mobile security (18 percent); and cloud security (50 percent). According to a report from Markets and Markets, the cloud security market is expected to be worth $8.7 billion by 2019.
- The “PwC Global State of Information Security Survey 2015” found that U.S. information security budgets have grown at almost double the rate of IT budgets over the last two years.
- Million dollar plus cybersecurity deals (vendors selling to end-users) are on the rise. In a research note earlier this year, analysts at FBR & Co., an Arlington, Va. based investment banking and M&A advisory firm, indicate that the number of seven-figure (cybersecurity) deals have increased by 40 percent year-over-year.
- “Given the ongoing, evolutionary nature of cyber-attacks, coupled with the relatively low share of total IT spend security accounts for, we believe industry growth rates will remain stronger than industry forecasts” states Columbia Threadneedle Investments. We expect 10-15 percent growth over the next 3-5 years versus the 8-10 percent forecasted by industry analysts like Gartner. This creates immense opportunities for innovative cybersecurity companies as well as potentially outsized investment returns for those capitalizing on the theme.
Cyber attacks costing businesses $400 billion to $500 billion + a year.
- The British insurance company Lloyd’s estimates that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts put the cybercrime figure as high as $500 billion and more.
- According to the “World Economic Forum (WEF) Global Risks 2015 Report”, most cybercrime incidents go unreported, and few companies come forward with information on their losses. That is not surprising given the risk to an organization’s reputation and the prospect of legal action against those that own up to cybercrime.
- The World Economic Forum (WEF) says a significant portion of cybercrime goes undetected, particularly industrial espionage where access to confidential documents and data is difficult to spot.
- TechSci Research says the banking and financial services sector has been the prime target of cyber criminals over the last five years, followed by IT & telecom, defense, and the oil and gas sector.
- Cybersecurity insurance is one of the fastest growing sectors in the insurance market, according to the PwC Global State of Information Security Survey 2016. A recent PwC report forecasts that the global cyberinsurance market will reach $7.5 billion in annual sales by 2020, up from $2.5 billion this year.
- A recent study published by the Atlantic Council and the Zurich Insurance group estimates that cyberattacks could cost up to $90 trillion by 2030 if cybersecurity fails to advance at a rapid pace.
Cybersecurity workforce shortage to reach 1.5 million by 2019.
- “The demand for the (cybersecurity) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million” stated Michael Brown, CEO at Symantec, the world’s largest security software vendor.
- The “Cisco 2014 Annual Security Report” warns that the worldwide shortage of information security professionals is at 1 million openings, even as cyberattacks and data breaches increase each year.
- More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74 percent over the past five years, according to a Peninsula Press (a project of the Stanford University Journalism Program) analysis of numbers from the Bureau of Labor Statistics. The demand for information security professionals is expected to grow by 53 percent through 2018.
- A recent CNBC story quotes a Rand Corporation study which estimates there are around 1,000 top-level cybersecurity experts globally vs. a need for 10,000 to 30,000.
- Cybersecurity workers can command an average salary premium of nearly $6,500 per year, or 9% more than other IT workers, according to the “Job Market Intelligence: Cybersecurity Jobs 2015” which is published by Burning Glass Technologies.
- According to a recent report from DICE, a leading IT job board, the top five IT security salaries are: No. 1 – lead software security engineer at $233,333; No. 2 – chief security officer at $225,000; No. 3 – global information security director at $200,000; No. 4 – chief information security officer at $192,500; and No. 5 – director of security at $178,333.
- IDC predicts that “by 2018, fully 75 percent of chief security officers (CSO) and chief information security officers (CISOs) will report directly to the CEO, not the CIO”. This will arguably push those positions higher up in to the salary stratosphere.
- U.S. News and World Report ranked a career in information security analysis eighth on its list of the 100 best jobs for 2015. They state the profession is growing at a rate of 36.5 percent through 2022.
- Cybersecurity positions are more likely to require certifications than other IT jobs. One third (35%) of cybersecurity jobs call for an industry certification, compared to 23% of IT jobs overall, according to Burning Glass Technologies.
- According to a 451 Research Q2 2015 study, based on responses from over 1,000 IT professionals, primarily in North America and EMEA, security managers reported significant obstacles in implementing desired security projects due to lack of staff expertise (34.5 percent) and inadequate staffing (26.4 percent). Given this challenge, only 24 percent of enterprises have 24×7 monitoring in place using internal resources.
- Burning Glass Technologies states that one third (35%) of cybersecurity jobs call for an industry certification, compared to 23% of IT jobs overall.
- A recently released survey commissioned by Raytheon Cyber and the National Cyber Security Alliance states that men are five times more likely than women to consider careers in cybersecurity. 4,000 adult respondents aged 18-26 from countries including the U.S., Qatar, France, Poland, Germany, Saudi Arabia and Japan participated.
U.S. Federal Government has spent $100 billion on cybersecurity over the past decade, $14 billion budgeted for 2016.
- Sponsored by FireEye, the trusted cyber security leader that delivers proven protection before, during and after advanced attacks.
- With a cumulative market valued at $65.5 billion (2015 – 2020), the U.S. Federal Cybersecurity market will grow steadily at about 6.2 percent CAGR, according to a report from Market Research Media, Ltd. The report states “the annual cyber security spending of the US Federal government is bigger than any national cyber security market, exceeding at least twofold the largest cybersecurity spending countries.”
- Demand for vendor-furnished information security products and services by the U.S. federal government will increase from $8.6 billion in FY 2015 to $11 billion in 2020 at a compound annual growth rate (CAGR) of 5.2 percent, according to “Deltek’s Federal Information Security Market Report” – which examines the trends and drivers shaping the federal information security marketplace and provides a forecast for the next five years.
- Deltek states that as federal agencies struggle to stay ahead of the cybersecurity threats, more and more of their IT spend is being devoted to cybersecurity, reaching over 10 percent of IT spend by 2020.
- A recent article in The Christian Science Monitor states that for 2016, the Department of Homeland Security has budgeted $582 million – for just its EINSTEIN intrusion detection system and its continuous diagnostics and mitigation programs.
- Only the Department of Homeland Security (DHS) spends more that 3 percent of its (2014) budget on cybersecurity,” states a recent report from Bank of America Merrill Lynch. “The Office of Personnel Management (OPM) spent the lowest percentage on cybersecurity out of all the (federal) departments, which is significant since it suffered the biggest US agency breach to date”. 11 federal departments spend less than 1 percent of their budget on cybersecurity, including Social Security, NASA and the Department of State, according to the report.
- TIME recently reported that the U.S. Director of National Intelligence ranks cyber crime as the No. 1 national security threat, ahead of terrorism, espionage and weapons of mass destruction. The TIME article said the federal government suffered a staggering 61,000 cyber-security breaches last year alone.
- Recent White House workforce data show that over the last two years, the U.S. has been losing more civilian cybersecurity professionals than it’s been able to hire. Tony Scott, the U.S. chief information officer, estimates there are about 10,000 cybersecurity openings right now across federal agencies, bureaus and departments, according to a recent article in Politico.
- According to a recent analysis by Booz Allen and the Partnership for Public Service, a senior level software engineer can make upwards of $33,000 more doing her job in the private sector rather than the federal government. Entry-level salaries for the same kind of position can be as much as $14,000 higher in the private sector.
- At the RSA Conference earlier this year, the U.S. Department of Homeland Security (DHS) announced they are opening a Silicon Valley office. According to a recent Fortune article, the office is a bid to improve relations between tech companies and the government, spread the government’s ideology on cybersecurity throughout the tech industry, and recruit top talent that might otherwise head to the private sector.
- A recent San Jose Mercury News story signaled Silicon Valley’s importance in cyberwarfare stating “In one of the most overt displays of the federal government’s growing dependence on Silicon Valley, the Department of Defense late last month announced it will start providing venture capital funding to valley startups that can help the Pentagon develop more advanced cybersecurity and intelligence systems to fend off nation states and hackers targeting everything from top-secret military correspondence to public power grids.”
THE CYBERSECURITY 500
Breaking news from the world’s hottest and most innovative cybersecurity companies.
- Announcing the Q4 2015 Edition of the Cybersecurity 500 list of the world’s hottest and most innovative cybersecurity companies
- FireEye (Milpitas, Calif.), No. 1 on the Cybersecurity 500 and the trusted cyber security leader that delivers proven protection before, during and after advanced attacks, is listed atop the Cybersecurity 500 list of companies to watch for the fourth consecutive quarter.
- Lancope (Alpharetta, Ga.), No. 2 on the Cybersecurity 500 and a leading provider of network visibility and security intelligence to protect enterprises against today’s top threats, has been acquired by Cisco. Through a successful partnership between the companies, Lancope has been part of Cisco’s security solution for many years and now they are coming together as one entity. The combined solutions secure customers’ resources and critical assets by using their network as a sensor — providing enhanced visibility, context, and control over threats.
- AlienVault (San Mateo, Calif.), No. 3 on the Cybersecurity 500 and a leading threat detection and response vendor, has been named to Deloitte’s 2015 Technology Fast 500 List of Fastest Growing Companies in North America.
- Norse (San Mateo, Calif.), No. 4 on the Cybersecurity 500, dedicated to delivering live, accurate and unique attack intelligence that helps enterprises block attacks, uncover hidden breaches and track threats emerging around the globe, announced they have received an $11.4 million equity investment from KPMG Capital.
- AVG Technologies (Amsterdam, The Netherlands), No. 6 on the Cybersecurity 500 and the online security company for more than 200 million monthly active users, announced the establishment of its global Center of Excellence for mobile in Tel Aviv, Israel. The new office comprises a 3,200 square meter facility, supporting more than 120 employees working across state-of-the-art mobile innovation, emerging mobile threats research, and Internet of Things technology development.
- Clearwater Compliance (Nashville, Tenn.), No. 11 on the Cybersecurity 500 and a provider of best-in-class risk management and compliance software and services which has assisted over five hundred organizations with meeting and exceeding their HIPAA compliance and information risk management requirements, announced they have earned the exclusive endorsement of the American Hospital Association.
- Code Dx, Inc. (Northport, N.Y.), No. 15 on the Cybersecurity 500 and a provider of a robust suite of fast and affordable tools that help software developers and security analysts find, prioritize and visualize software vulnerabilities, announced the addition of Migtec as a reseller of its Software Vulnerability Management System. Migtec, an expert in security and quality software solutions, will offer Code Dx’s application security solutions to its client base in the Australian and New Zealand markets.
- Sera-Brynn (Suffolk, Va.), No. 16 on the Cybersecurity 500 and a leading PCI QSA and cyber risk management firm, is the top listed company in Virginia for the fourth consecutive quarter.
- root9B (Colorado Springs, Colo.), No. 22 on the Cybersecurity 500, announced a first-of-its-kind adversary pursuit center (APC). The APC will serve as the nerve center of root9B’s manned cyber security HUNT operations, creating an always-on environment where highly-trained security operators will actively monitor client’s proprietary networks, searching for malicious activity and closing the response gap from nearly a year to just a few days.
- Nexusguard (San Francisco, Calif.), No. 24 on the Cybersecurity 500 and the worldwide leader in Distributed Denial of Service (DDoS) security solutions, announced Nexusguard AI, the industry’s first DDoS solution with automated route engineering powered by software-defined networking (SDN). The capability addresses a number of business IT challenges associated with large-scale or multiple DDoS attacks, automating the management of all network resources in real time to route traffic across Internet-service providers (ISPs) and promote scrubbing center health effectively.
- Thycotic (Washington, D.C.), No. 25 on the Cybersecurity 500 and an Inc. 5000 company, and the fastest growing privileged management vendor in IT security, announced they have teamed up with Adobe to bring enhanced privileged account security to build environments for cloud applications.
- CYBERBIT (Tel-Aviv, Israel), No. 45 on the Cybersecurity 500 and a global leader in the Cyber arena has been recognized with the 2015 Global Frost & Sullivan Award for Competitive Strategy Innovation and Leadership.
- Digital Defense, Inc. (San Antonio, Texas), No. 46 on the Cybersecurity 500 and a leading provider of security risk assessments, awareness education and security intelligence has been named a leader in Gartner’s 2015 Security Awareness Computer-Based Training Magic Quadrant for the second consecutive year.
- DB Neworks (Carlsbad, Calif.), No. 47 on the Cybersecurity 500 and a leading database security company, was honored as The Best Data Center Security Product winner in the 3rd Annual 2015 Cyber Defense Magazine Awards.
Don’t miss an issue of the Cybersecurity Market Report
- Join our mailing list and get notified when we publish each issue of the Cybersecurity Market Report
- The Cybersecurity Market Report, Q3 2015 edition has been archived for our readers.
- The Cybersecurity Market Report, Q2 2015 edition has been archived for our readers.
- The Cybersecurity Market Report, Q1 2015 edition has been archived for our readers.
Stay tuned for the Cybersecurity Market Report, Q4 2015 edition, coming in October.
Steven C. Morgan, Editor-In-Chief
- Steve Morgan is Founder and CEO at Cybersecurity Ventures, and Editor-In-Chief of the Cybersecurity Market Report and the Cybersecurity 500 list of the world’s hottest and most innovative cybersecurity companies. Steve writes the weekly Cybersecurity Business Report for IDG’s CSO, and he is a contributing writer for several business, technology, and cybersecurity media properties.
- © 2015 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.