Cybersecurity Market Report, Q1 2015



Q1 2015

The Cybersecurity Market Report is published quarterly by Cybersecurity Ventures. We cover the business of cybersecurity, including market sizing and industry forecasts, spending, notable M&A and IPO activity, and more.

The worldwide cybersecurity market is defined by market sizing estimates that range from $71 billion in 2014 to $155+ billion by 2019.

  • Worldwide spending on information security was expected to reach $71.1 billion in 2014, an increase of 7.9 percent over 2013, with the data loss prevention segment recording the fastest growth at 18.9 percent, according to a forecast from Gartner, Inc. Total information security spending is expected to grow a further 8.2 percent in 2015 to reach $76.9 billion.
  • The cyber security market is estimated to grow to $155.74 billion by 2019, at a Compound Annual Growth Rate (CAGR) of 10.3 percent from 2014 to 2019, according to a report from Markets and Markets. Aerospace, defense, and intelligence vertical continues to be the largest contributor to cybersecurity solutions. North America is expected to be the biggest market, while the APAC and EMEA regions are expected to experience increased market traction.

Cybercrime is on the rise and costing the world economy hundreds of billions of dollars annually.

  • Companies across all industries worldwide have reported a total of 42.8 million detected attacks in 2014, according to the PWC Global State of Information Security Survey 2015. That’s a 48 percent increase in incidents since last year.
  • Crime involving computers and networks has cost the world economy more than $445 billion annually, according to a June 2014 report by the Center for Strategic and International Studies.

Cybersecurity vendors and industry experts are predicting new threats in 2015 and beyond.

  • In its McAfee Labs 2015 Threats Predictions, Intel Security identified internet trust exploits, mobile, internet of things and cyber espionage as the key vulnerabilities on next year’s threat landscape.
  • “The Internet of things is the Internet of threats for us” said Eugene Kaspersky, the Russian-born founder and chief executive of Kaspersky Lab, the world’s largest private cybersecurity company – in a recent USA Today edited version of an interview with him conducted at Dublin’s Web Summit. “We expect attacks on smart TVs, watches, smart glasses. As the number of connected smart devices expands fast, more and more of them will be targeted to obtain criminal profit” he said.
  • “In 2014 in the US, mobile web traffic exceeded desktop web traffic for the first time as mobile has become the most convenient and cost-effective way to get online” says Yuval Ben-Itzhak, Chief Technology Officer at AVG Technologies, one of the largest providers of consumer security, privacy, performance and backup mobile applications and software for Windows, iOS and Android devices. “So in 2015, we will see mobile apps becoming the primary target for hackers, with apps left unmaintained by developers in App Stores being among the most vulnerable” he says.

Cyber Warfare is creating a huge market opportunity for U.S. cybersecurity firms to export their solutions.

  • With the increase in cyber-attacks on the private sector and government agencies around the world, there are great opportunities for U.S. cyber security firms to export their products, services and technology, to governments in different countries.
  • The 2014 Cybersecurity Export Market Report from the Virginia Economic Development Partnership (VEDP), which was prepared by George Mason University, identified the top 10 foreign markets that provide the best opportunities for exporting U.S. cybersecurity technologies – which are (in size order of opportunity): Saudi Arabia; United Arab Emirates; Qatar; Kuwait; South Korea; Brazil; Japan; United Kingdom; Australia; and Indonesia.
  • “Cyber security is the new wave in the defense industry, with sales expected to explode. Many defense firms are expanding into this area, as it is quickly becoming a top priority for many governments around the world. Defense budgets are being increased to include cyber security as cyber-attacks target state-owned energy companies in the Middle East or attempt to infiltrate the systems of U.S. agencies daily” says the VEDP report.

The Managed Security Services Provider (MSSP) market is continuing to grow as companies look to outsource Cybersecurity.

  • Infonetics Research says the managed security market will exceed $9 billion by 2017, in its “Cloud and CPE Managed Security Services” report.
  • Frost & Sullivan researchers predict the EMEA MSSP market will reach $5 billion by 2018. “Threat intelligence, research, detection and remediation services are likely to grow at a rate twice that of security asset monitoring and management, becoming a critical focus area that will distinguish market leaders from the rest,” stated Network Security Industry Principal, Frank Dickson.
  • By 2018, Gartner projects that more than half of organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures. They say that by 2015, roughly 10 percent of overall IT security enterprise product capabilities will be delivered in the cloud, as cloud-based services or cloud-managed products. For small or midsize businesses, Gartner projects that 30 percent of security controls will be cloud-based by 2015.

Federal sector provides new opportunities for small businesses and cybersecurity providers.

  • President Obama’s fiscal 2015 budget request to Congress last year cut $2.4 billion from the government’s IT spending level at that time, proposing $79 billion for 2015 compared to $81.4 billion for fiscal year 2014. About $13 billion of the proposed spending would go toward improving cybersecurity at civilian and defense agencies.
  • The government is increasing its investments in advanced cyber security technologies. Special attention is being given to securing the Internet of Things through federally-sponsored research in cyber-physical systems. Small businesses can use these R&D contractual vehicles to get involved in the government cyber security market.
  • The federal government has set aside special funds for small businesses to develop innovative solutions in cyber security. The government also requires large defense contractors to subcontract a certain percentage of their cyber security solutions development to small businesses. So, a small business has multiple avenues for engaging in the federal cybersecurity market, either through direct contract with the government or by helping a large business meet its small business subcontractor quota.
  • “To provide wider, discounted access to cybersecurity resources the General Services Administration (GSA) and the Department of Homeland Security (DHS) are strategically sourcing cybersecurity tools and solutions through the Continuous Diagnostics and Mitigation (CDM) and Continuous Monitoring as a Service (CMaaS) Blanket Purchase Agreements (BPAs)” says Dr. Anita D’Amico, a director of Secure Decisions, which is focused on cybersecurity and homeland security research and products. Prior to her current position, Dr. D’Amico was the head of the Information Warfare Team at Northrop Grumman.

IBM’s cybersecurity business valued at $1 Billion plus, and growing.

  • IBM announced a range of cloud-based security products in the fall of 2014, under an umbrella IBM called a hybrid cloud model. IBM has dedicated more than $1 billion to security research and development; it claims to monitor 15 billion security events per day.
  • Gartner recently valued IBMs security business at $1.14 billion. IBM said in its most recent quarter that security revenue grew 20 percent.
  • Tech analyst Roger Kay, founder of Endpoint Technologies Associates, cautioned that IBM was moving into unfamiliar territory, with the cloud tending to be less profitable than hardware, and competition in the cybersecurity cloud market being fierce, with many boutique security firms battling. IBM CEO Ginni Rometty said IBM has a clear strategy. “I can’t underscore enough – security,” she stated.

Big banks and financial services firms ramp up cybersecurity spending in response to cyber-attacks.

  • JPMorgan Chase & Co will likely double its $250 million annual security budget within five years stated CEO Jamie Dimon. JPMorgan disclosed that an attack by hackers exposed contact information of 76 million households and seven million small businesses. “It’s about firewall protection, it’s about internal protection, it’s about vendor protection, it’s about everything that hooks up into you,” stated Dimon. “There will be a lot of battles. Unfortunately some will be lost.”
  • Consulting firm PwC (PricewaterhouseCoopers) stated that financial services companies will increase their cybersecurity spending by $2 billion over the next two years. PwC surveyed 758 banks, insurers, and other financial services companies, and stated they collectively spent $4.1 billion on cybersecurity in 2014.
  • According to an article in the Wall Street Journal from late 2014, Citigroup Inc.’s annual cybersecurity budget has risen to more than $300 million, and Wells Fargo spends roughly $250 million annually on cybersecurity.

Major retailers protecting their brands with more cybersecurity.

  • Retailer Target Corp. is speeding up its $100 million program to adopt the use of chip-enabled smart cards that store information on computer chips rather than magnetic stripes. Payment networks Visa and MasterCard have set an October 2015 deadline for the new chip and PIN payment cards. The chip cards, which make it more difficult by cyber criminals to use stolen data, are widely used in Europe and Asia.
  • IDC Retail Insights expected spending by retailers in 2014 for security in the US to reach $720.3 million, an increase of 5.7 percent from the previous year.
  • According to Gartner, retailers spend 4 percent of their technology budgets on security, compared to 5.5 percent for banks and 5.6 percent for healthcare companies.

Recent Cybersecurity M&A Activity

  • Raytheon acquires Blackbird Technologies (Herndon, VA), a provider of persistent surveillance, secure tactical communications and cybersecurity solutions to the Intelligence Community (IC) and special operations market, for $420 million. The deal expands Raytheon’s special operations capabilities in tactical intelligence, surveillance and reconnaissance, secure tactical communications and cybersecurity.
  • BAE Systems acquires SilverSky, a provider of cloud-based email and network security tools, for $232.5 million. The deal will help grow BAE’s Applied Intelligence commercial cyber security business. SilverSky’s products protect critical information and networks and detect cyber threats and financial crime.
  • Gemalto acquires SafeNet (Belcamp, MD), a provider of enterprise data protection technology for $890 million. SafeNet announced $337 million in revenue in FY13. The deal will bolster Gemalto’s identity and access management business. SafeNet maintains a portfolio of cryptographic key management systems, authentication servers, software license management and monetization products.
  • IBM acquires Lighthouse Security Group to further build its identity and access management offering and complement its purchase of CrossIdeas. Lighthouse’s cloud-based Lighthouse Gateway platform is built to deploy for a data center, cloud or a hybrid IT environment to prevent identity theft and data breaches.
  • Veritas Capital acquires BeyondTrust Software (Phoenix, AZ), a provider of account management and vulnerability management software, for $310 million.
  • AVG Technologies has acquired Location Labs (Emeryville, CA), a provider of mobile security products. The deal is valued at upwards of $220 million, including $140 million up-front and another $80 million in possible earnouts. Location Labs had raised $26 million in VC funding.
  • Cigital (Dulles, VA) acquires iViZ Security, a provider of cloud-based application security testing tools.

Recent Cybersecurity Investments & IPOs

  • Eagle Eye Networks (Austin, TX), a provider of on-demand cloud based security and operations video management systems, receives growth funding from MSD Capital, the private investment firm for Michael S. Dell and his family.
  • BitGlass (Campbell, CA), a provider of enterprise mobile cloud security solutions, raises $25 million in Series B from SignTel Innov8, Norwest Venture Partners and NEA.
  • Vectra Networks (San Jose, CA), a cybersecurity startup, raises $25 million in Series C from Accel Partners, Intel Capital, Juniper Networks, Khosla Ventures, IA Ventures and AME Cloud Ventures.
  • Verdasys (Waltham, MA), a provider of data protection for endpoints for Global 2000 companies, announces it is nearing $20 million funding round. Company will re-brand as Digital Guardian.
  • Druva (Sunnyvale, CA), a provider of data protection and governance solutions for enterprise devices, raises $25 million in Series D, led by Sequoia Capital.
  • Lookout (San Francisco, CA), a provider of mobile security solutions, raises $150 million in new VC. The company has previously raised $130 million.
  • Triumfant (Rockville, MD), a provider of advanced threat detection for large commercial enterprises and government entities, earns a $750,000 Maryland Venture Fund investment to further develop its cybersecurity services.
  • GuardiCore (Israel), a developer of data center security solutions, raises $11 million in new VC.
  • vArmour (Mountain View, CA), a data center security startup, raises $21 million in Series C.
  • Lastline (Redwood City, CA), a malware defense platform provider, raises $10 million in new VC from Dell Ventures, Presidio Ventures, Redpoint Ventures and e-ventures.
  • Delta ID, a provider of biometric authentication to mass market computer devices, has received $5 million in Series A.
  • LightCyber (Israel), a provider of breach detection and response solutions, has raised $10 million in new VC funding.
  • Veracode (Burlington, MA), provider of application security services, raises $40 million in new VC funding. The company has raised over $70 million in VC funding.
  • CyberArk Software (Israel), a provider of cyber attack security software, raises $86 million in its IPO, pricing its shares at $16, above the $13-15 range), for an initial market cap of $473 million.
  • Sentrix (Israel), a provider of enterprise-grade network security, has raised more than $6 million in VC funding.
  • Ping Identity (Denver, CO), an identity security company, raises $35 million in new VC funding let by KKR.
  • CyActive (Israel) an Israeli predictive cyber security startup, raises undisclosed amount of VC from Siemens Venture Capital.
  • Agari, a provider of real-time, data-driven security solutions, raises $15 million Series C funding led by Scale Venture Partners.
  • Argus Cyber Security (Israel), a provider of automotive cybersecurity solutions has raised $4 million in Series A.
  • Zenedge (San Jose, CA), a provider of web application security infrastructure, raises $3.5 million in Series A.
  • Krimmeni Technologies (San Francisco), a cybersecurity startup focused on cloud-based data centers and the Internet-of-things market, raises $11.7 million in Series A.
  • Prelert (Framingham, MA), an anomaly detection company, raises $7.5 million in new VC from Intel Capital, Fairhaven Capital and Sierra Ventures.
  • Duo Security (Ann Arbor, MI), a provider of cloud-based two-factor authentication solutions, raises $12 million in Series B from Benchmark, Google Ventures, True Ventures and Radar Partners.
  • Risk I/O (Chicago, IL), a vulnerability intelligence platform, raises $4.5 million in new Series A from Costanoa Venture Capital, USVP, Tugboat Ventures and Hyde Park Angels.

Stay tuned for the Cybersecurity Market Report, Q2 2015 edition, coming in early April.

Please Visit Our Sponsors