Cybersecurity 500


Q3 2017

Special update to the 11th edition of the Cybersecurity 500 list of the world’s hottest and most innovative cybersecurity companies.


New No. 1 on the Cybersecurity 500 List

Herjavec Group is Head of the Cybersecurity Class in 2017.

Menlo Park, Calif. – Aug. 20, 2017

Cybersecurity Ventures announces an August 2017 update to the Cybersecurity 500 — a global compilation of leading companies who provide cybersecurity solutions and services — in advance of the Q3 edition which is scheduled to publish on Sep. 30, 2017.

The Cybersecurity 500 creates awareness and recognition for the most innovative cybersecurity companies – ranging from the largest and most recognizable brands, to VC backed startups and emerging players, to small firms with potentially game-changing technologies, to solution providers poised for growth around productized or vertically focused services.

The new No. 1 on the Cybersecurity 500 list is Herjavec Group, a global provider of cybersecurity solutions and services to enterprise organizations. Founded in 2003 by the dynamic IT entrepreneur Robert Herjavec, Toronto-based Herjavec Group has offices across Canada, the United States, and the United Kingdom.

“Herjavec Group is the top privately held cybersecurity company globally, and a pioneer in the MSSP (managed security services provider) market” says Steve Morgan, founder and Editor-In-Chief at Cybersecurity Ventures.

“Their historic and continual execution on revenue growth, pure-play cybersecurity business model, customer acquisition, market visibility, thought leadership, geographic expansion, niche acquisitions, and experienced business leadership, places them at the top of our list” adds Morgan.

The cybersecurity market is summarized by three economic pillars: cybercrime, cybersecurity spending, and cybersecurity employment.


Cybersecurity Ventures predicts cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.

Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

Cybersecurity Spending

While all other tech sectors are driven by reducing inefficiencies and increasing productivity, cybersecurity spending is driven by cybercrime. Cybersecurity Ventures predicts global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the next five years, from 2017 to 2021.

In 2004, the global cybersecurity market was worth $3.5 billion — and in 2017 it is expected it to be worth more than $120 billion. The cybersecurity market grew by roughly 35X over 13 years.

Cybersecurity Employment

Cybersecurity Ventures predicts there will be 3.5 million cybersecurity job openings by 2021. Cybercrime will more than triple the number of job openings over the next 5 years.

Every IT position is also a cybersecurity position now. Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure, and people. The cybersecurity workforce shortage is even worse than what the jobs numbers suggest.

Outgoing No. 1

root9B, a cybersecurity consulting and operational support firm with headquarters in Colorado Springs, Colo., and regional offices in San Antonio, Texas, New York City, N.Y., and Charlotte, N.C., plus local cyber staff in other regions, occupied the No. 1 spot on the Cybersecurity 500 for six consecutive quarters, from Q1 2016 to Q2 2017.

“root9B gained our attention and respect based on their team of more than 50 tier-I Cyber Network Operators and Security Specialists, some of the top cyber-fighters in the world” says Steve Morgan, founder and Editor-In-Chief at Cybersecurity Ventures.

The new leadership at root9B, comprised of top ex-military cyber experts, has been focused on market execution, new business development, and raising growth capital.

Cybersecurity Ventures previously tracked only the root9B division of root9B Holdings, Inc. (NASDAQ:RTNB), a provider of cybersecurity, regulatory risk mitigation and energy & controls. The parent company recently shed some of its businesses and reorganized as a pure-play cybersecurity company. An analysis of the entire corporation led to its re-listing on the Cybersecurity 500.

Original No. 1

When the Cybersecurity 500 launched in Q1 2015, FireEye was the No. 1 company, and held that position for the entire year.

“Cyber defense has never been more critical than it is today, and the Cybersecurity 500 recognizes the ‘companies to watch’ on the front lines of this battle” stated Dave DeWalt, previously CEO and Chairman of the Board at FireEye, when the inaugural list was published.

“The Cybersecurity 500 spotlights the evolution taking place by raising awareness of the most innovative companies in the security industry” added DeWalt, now Chairman of the Board at Claroty and Illusive Networks, two Israeli cybersecurity startups which appear in the top 100.

FireEye is one of only a few companies who have remained in the top 25 since inception of the list.

Selection Criteria For The Cybersecurity 500

“For many years, business publications have shared lists of companies of which they recommend readers take note” says Joseph Steinberg, a cybersecurity expert, entrepreneur, author, speaker, and Inc. columnist covering cybersecurity.

“The Cybersecurity 500 gives the same convenience and wisdom to people interested in the cybersecurity industry; IT departments, analysts, journalists, and consumers now have a great list from which to learn about the industry and its current providers” adds Steinberg. “The Cybersecurity 500 list also offers a great window into emerging technologies from newer firms which often solve problems about which everyone knows, but has been unable to address.”

Cybersecurity Ventures continuously looks at new companies for inclusion in the Cybersecurity 500, by soliciting feedback from CISOs, IT security practitioners and service providers, and researching hundreds of cybersecurity events and news sources.

The selection criteria for the Cybersecurity 500 is subjective and includes some or all of the following when evaluating each company:

  • Cybersecurity Sector (market category)
  • Problem(s) Solved
  • Customer Base
  • Feedback from CISOs and Decision Makers
  • Feedback from IT Security Evaluators & Recommenders
  • Feedback from VARs, SIs and Consultants
  • VC Funding
  • Company Growth
  • Published Product Reviews
  • Demos and Presentations at Conferences
  • Corporate Marketing and Branding
  • Media Coverage
  • Notable Implementations
  • Founder and Management Pedigree
  • Interviews with Senior Management

The Cybersecurity 500 does not rank companies by revenues, employees, or annual growth. “We do not think a list of the largest cybersecurity companies is useful to our target audience of cyber and IT security decision makers, evaluators, and recommenders” says Morgan. “They already know who the biggest vendors are. Instead, we give a nod to the hottest and most innovative companies.”

For CISOs and IT Security Teams

The Cybersecurity 500 is both a list and a sortable directory. A link to the corporate website is displayed next to each company that is listed.

The driving force behind the Cybersecurity 500 is providing something useful to the CISOs and security decision makers, evaluators, and recommenders. The compilation lets them search and find specific types of solutions from the most innovative cybersecurity companies in the industry.

Cybersecurity Ventures publishes a new edition of the Cybersecurity 500 each quarter. The revised quarterly editions have new companies coming on the list, others dropping off, and changes to the listing order, to accurately reflect the current hottest and most innovative companies.


The Cybersecurity 500 is published by Cybersecurity Ventures, the world’s leading researcher and publisher of reports covering global cybercrime damage projections, cybersecurity spending forecasts, and cybersecurity employment figures.