B2B Information Security Addressable Market - United States

of one

TAM - B2B Information Security: United States

A detailed search did not yield the total addressable market of Information Security companies that sell Business to Business (B2B) solutions in the US. This was primarily because of the broad nature of the professional services that fall under the Information Security category and because of the broad list and nature of companies that provide these services. Detailed account of the reasons behind the lack of resources as well as additional useful insights are given below.

Why is there a Dearth of Information on TAM — B2B Information Security: United States

While no data was found referring specific to the United States, excerpts from leading vendors of market reports such as marketsandmarkets, forrester, marketsresearch, statista etc. have been used alongside articles published by the major professional services firms to generate relevant insights. We applied the 80-20 rule by trying to gather the global revenues (by each service part) and then trying to triangulate and derive US data, but could not proceed since revenues for all sub-services could not be gathered and the US Share of all these services could not be ascertained. It also appeared that there exist no consolidated paid reports defining this industry.

This might be because Information Security includes or is a part of services associated with terms like IT Security, Enterprise Security, CyberSecurity, Technology Security. Thus, Information Security is a broad category with various professional services falling under its umbrella.

Moreover, the list of companies that provide Information Security services can not be defined with precision as the list would include all the Big-4 and Consulting firms and other private sector CyberSecurity/Enterprise Security companies.

Furthermore, a search for the US market size of this list of companies proved futile as no fixed free source provided this information. It was thus assumed that the list must contain companies providing professional services as well as security services.

WHY Triangulation was not Successful for calculating TAM — B2B INFORMATION SECURITY: UNITED STATES

In the absence of exact figures, triangulation is used to make estimates; however, even that proved futile in this instance.

Firstly, defining the professional services yielded the following myriad of services:
-- Audit
-- Risk
-- Tax (although evidence of Cyber Tax services could not be gathered)
-- Legal
-- Others including niche services like Penetration Testing, Incident Response, Compliance Management etc.

It should be noted that these services are provided by the private sector and do not fall under any specific and exhaustive list of companies.

Secondly, estimating a definitive list of major players was difficult due to the broad nature of the professional services to be included in the list. Companies like the private Big-4 and Consulting firms, private and public CyberSecurity/InfoSec firms, small private firms dedicated to providing a sub-category of Information Security services and other firms providing only Information Security professional services would make the list. The broad nature of this list makes it quite difficult to arrive at a reasonable estimate for either the world or the U.S. market.
It should be noted that any attempt at triangulation would have yielded estimates that could not be presented with any confidence due to partial revenue information of the sub-categories of professional services at the global level and little information at the U.S. level.

Additional Useful Insights

Research yielded the following useful additional insights:

- The Global Security Advisory Services market is estimated at US$5.77 billion in 2017, growing at a CAGR of 18.7%.

- The Global Information Security Consulting market is estimated between US$15.8 billion (at a CAGR of 11.2%) and US$16.12 billion in 2016 (at a CAGR of 10.2%) and expected to hit US$30.11 billion by 2022.

- The revenues of the top 10 IT Security Consulting firms (not including managed security services) for 2016 is given below:
1. Deloitte: $2.857 billion
2. EY: $2.036 billion
3. PwC: $1.947 billion
4. KPMG: $1.610 billion
5. IBM: $731 million
6. Accenture: $601 million
7. Booz Allen Hamilton: $482 million
8. HP Enterprise: $388 million
9. Optiv Security: $373 million
10. BAE Systems: $290 million


The total addressable market of Information Security companies that sell Business to Business (B2B) solutions in the US could not be calculated after detailed search of multiple resources. This was because of the open-ended nature of the Information Security professional services and because of the broad list and nature of companies that provide these services.