Cybersecurity Industry

Part
01
of four
Part
01

Cybersecurity challenges

The main cybersecurity challenges faced by organizations today are malware, user-initiated attacks, artificial intelligence, and budget restrictions. These challenges affect a huge number of companies around the world and are ones that are not easy to combat. A deep dive of each challenge can be found below.

MALWARE
Malware is the largest, most prevalent threat to cybersecurity out there today. It is the most commonly used form of attack by hackers and other cyber criminals. It remains the cyber criminal's popular choice because of the sheer number of different ways to use it. Malware is the programs and processes that criminals use to hack into computer systems. Criminals can use the malware to lock a system and demand a ransom for the return of the data (a form of malware called ransomware), or they can simply steal confidential information from computer systems for their own personal gain. One example of this is the huge security breach that happened to Target stores and their customers in 2013. Over 70 million customers had their credit card and personal information stolen from Target’s systems. It was determined that the hackers carried out this breach by using a form of malware called a Trojan to attack a third party vendor that Target had not properly secured. This single security breach led to Target paying a settlement of $18.5 million in 2017. This is a great example of the huge impact a piece of malware can have on a business of any size.
USERS
One of the largest threats to cybersecurity continues to be humans. Employees often cause various kinds of security breaches both intentionally and unintentionally. One of the biggest issues when it comes to human error that causes breaches is passwords. Many users create passwords that are too simple and are too easy to crack, even when they are provided with training regarding secure password practices. Another password issue is reusing a password that has been used before or using the same password for multiple things, one or more of which contain secure information. Another common human error problem is viruses that are hidden in links inside of emails that appear to be safe to click on. This issue, while still common, can be confronted with employee training on email and computer security.
Insider threats, another form of user-created breaches, is when a malicious employee purposely creates a security breach to steal information or to damage the company by destroying data or causing other chaos. This is much less common than human error, but it is still a large threat for companies. There will always be a number of employees in any company that must have access to secure information and the ability to control system processes. Any of those employees could decide to commit a cybercrime for any number of reasons, including personal gain or disdain towards the company.
ARTIFICIAL INTELLIGENCE
Artificial Intelligence, where computers mimic human intelligence, is expected to become the next big thing in cyber attacks. AI has the real potential to enhance existing methods of cybercrime by making the attacks automated so they can be carried out faster. One example of this is using AI processes to gather personal information necessary for spearfishing attacks instead of having humans gathering the information by hand. Using AI technology for an attack of this nature would allow the attack to effect more people and be carried out much more quickly than usual. It is also speculated that attacks using AI technology may be harder to defend against. Some AI technology is able to resist, or slow down, the effects of the typical security programs that companies have today. Because of this, it may be necessary to have a defense system that uses AI technology as well. This would allow companies to defend themselves with somewhat equal forces when it comes to an AI integrated attack.
BUDGET
As the intensity and intelligence of cyber attacks increases, so does the need for equally intelligent and effective defense systems. The problem is that many businesses simply cannot afford the security systems that they realistically need to defend their data. This leaves the companies ill-protected and open to cyberattacks that could deplete their finances or even force them to shut down. Companies that cannot afford high quality security systems, or are on the edge of purchasing them, often don’t actually upgrade their systems until after an attack has already happened to them. Having a realistic defense system seems to be a reactive measure for many companies, when it should be a proactive measure. As with the above mentioned AI attacks, companies should be preparing to look into defense systems that integrate AI technology to match the attacks. Unfortunately this will likely not be a possibility for many companies due to their budget restrictions .

In conclusion, organizations around the world face the main cybersecurity challenges of malware, user error and insider threats, artificial intelligence, and lack of budget.
Part
02
of four
Part
02

Enterprise Security Search Terms

Based on keyword search rankings from sources such as Google Trends and Wordstream, some of the most searched keywords related to enterprise cybersecurity include "cyber security", "network security", "enterprise security management", "ransomware", and "cyber attack". Below, you'll find an explanation of my methodology and a full list of most searched keywords.

methodology

To determine the top keywords and search terms related to enterprise cybersecurity, I cross-referenced three different sources that provide data and analytics on search terms. Because these are publicly available sources for overall keyword search rankings, country-specific information (i.e., information based on searches in the U.S. only) were not available. This may be because internet analytics is a very successful and highly proprietary business solution. Specific and reliable rankings per country are usually behind paywalls. Still, I was able to find solid information that provided good references for cybersecurity search terms.

For all of my searches, I excluded any results that only ranked keywords based on cost per click or amount spent on paid promotion for these keywords. I excluded results that were based on transient trending topics such as news items. First, I looked at Google Trends insights for this term. However, Google Trends has no data available for "enterprise cybersecurity". Instead, I looked at the Google Trends keyword ranking for "enterprise security". The top-ranked keywords related to this search, according to Google Trends, are:

1. Enterprise Security Management
2. Enterprise Network Security
3. Social Security
4. Enterprise Data Security
5. Enterprise Security Solutions

Next, I looked into data available on WordStream, which collects keywords and ranks them according to their Google search volume. The top keywords related to "enterprise cybersecurity" on WordStream are as follows, with their Google search volume listed (you can generate this list on WordStream simply by entering the search term "enterprise cybersecurity" here):

1. Ransomware 368,000
2. Cyber security 165,000
3. Cyber attack: 110,000
4. Mobile security 74,000
5. Network security 49,500
6. ec2: 49,500
7. Information security: 33,100
8. Security companies 27,100
9. IT security: 22,200
10. Security application 14,800

Finally, I looked at SpyFu to corroborate my findings. This site identifies the top domain ranked for the search term ("enterprise security" in this case) and then displays the keywords that this domain focuses on in its paid promotion. This gives a slightly different perspective on the most relevant keywords. According to SpyFu, they are:

1. Cyber security
2. Cloud security
3. SSL

Based on all of the above data, I created the following consolidated list of the top search terms related to "enterprise cybersecurity" and "enterprise security".

TOP TERMS

Cyber security
Cloud security
Enterprise security management
Network security
Ransomware
Cyber attack
Enterprise network security
Enterprise data security
Enterprise security solutions
Security companies
SSL
EC2
Information security
Mobile security

conclusion

To wrap up, some of the most searched terms related to enterprise cybersecurity include "cyber security", "network security", "enterprise security management", "ransomware", and "cyber attack".
Part
03
of four
Part
03

Cybersecurity Trends

The top five trends for cybersecurity companies in the United States in 2017 are the need for improved technical prowess in the field of cybersecurity (potentially in-house solutions), an increased emphasis on cloud security, a proactive approach to cybersecurity threat detection and response, the rise of combined development operations centers, and the need to understand and provide cybersecurity in the digital ecosystem. The top three cybersecurity investments in 2017 are network security (68 percent), cloud security (60 percent), and data center/server security (60 percent). Below you will find a deep dive of our findings on these topics, as well as some additional information about outgoing trends in 2017 and practical examples of cybersecurity investments by enterprise-class cybersecurity companies.

introduction

Cybersecurity companies have a number of general goals. First, they must delicately balance risk, resilience, costs, and usability. Second, these companies require enough visibility to understand the current cybersecurity climate. Finally, they seek to gain control, but in order for this goal to be achievable, they must identify and control only the functions that truly matter. Ernst & Young, ranked amongst the top cybersecurity consulting companies in 2016, emphasizes the importance of an enterprise-led approach backed by efficient processes as well as innovative technology. They advise on large-scale programs with a focus on "cyber threat management, identity, and access management, data protection, privacy and “post-incident” services."

With these goals in mind, cybersecurity companies face a variety of challenges in 2017 and beyond. It has been noted that cybersecurity companies must confront the reality that all security risks cannot be repaired, assets may never be fully secure, cybersecurity is difficult to fully ascertain, and the security of digital partners may always remain unknown. The 2016 presidential election has had an impact on the field, and many companies are reallocating resources in direct response to concerns over foreign hacking. Cybersecurity spending is increasing annually; 76 percent of companies surveyed in one study reported an increase in spending from 2016, with 89 percent planning to increase cybersecurity investments in 2017. The most extensive increases in cybersecurity spending are expected to occur in mid-sized companies, and malicious hacking remains the top priority in this field.

Keeping these goals, challenges, and constant evolution of this space in mind, we relied on two reputable industry leaders in the field of cybersecurity consulting, including Gartner and Scale Venture Partners, to determine cybersecurity trends for 2017 and 2018.

2017 and 2018 trends in Cybersecurity

Our findings revealed there are five trends in the cybersecurity space that will be most relevant in 2017:

1. Technical Prowess

First, there is an overall need for more technical knowledge in the field of cybersecurity, and as the importance of cybersecurity has been re-evaluated, responsibility for this function is now a C-level function in many companies. It is noted that sufficient skill sets in cybersecurity are scare in the current landscape, and this lack of technical prowess is expected to continue. Of particular importance is expertise in data classes and data knowledge. In many cases, companies are increasingly relying on in-house cybersecurity experts, with 53 percent of respondents in one study working to develop in-house security tools as an alternative to commercial vendors. However, once a commercial vendor is selected, it is noted that most companies are unlikely to part with them; only 17 percent of companies in one study who reallocated cybersecurity resources changed vendors.

2. Cloud Security

As the cloud environment has reached maturity, it has simultaneously become a pending security threat. It is estimated that in 2017, 60 percent of cybersecurity investments were designated for improved cloud security. There is a growing call for companies to actively develop security guidelines for both private and public cloud usage. This trend is explained as "the rise of SaaS, the utility consumption model, and ease of use have driven companies of every size, across every industry to move in earnest to the public cloud." By 2020, it is estimated that $1 trillion in IT spending will be the result of companies' shift to the cloud. Fintech businesses are leading this trend. Often native cloud-based organizations, they are driving cybersecurity beyond the traditional physical perimeter.

3. Detection and Response

Cybersecurity companies are shifting their focus away from prevention and are instead "adapting your security setup to focus on detection, response, and remediation." The top cybersecurity investment in 2017 is network security, representing 68 percent of spending in one study. Over 70 percent of companies reported in the same study that the cybersecurity investments are being invested to address data breaches, which have been identified as the top cybersecurity risk in 40 percent of organizations. In this climate, effective detection and timely response are critical. It is noted that in 2018, this trend is expected to evolve to include risk prediction. Of further interest is the need for digital businesses to share information securely for short-term partnerships, and subsequently be able to suspend and prevent access.

4. Development Operations Centers

Sixty percent of cybersecurity investments in 2017 have addressed the issue of data security, while the same percentage has been invested in improving data center operations. Going forward, data security is expected to be most effectively managed by development operations centers (dev-ops). While many companies balk at establishing a dev-ops center due to cost, there is a trend towards combining these functions. In fact, while cybersecurity is overall less siloed in 2017 than in prior years, the trend towards dev-ops centers is expected to become more significant.

5. Digital Ecosystems

The maintenance of digital ecosystems, defined as "an interdependent group of actors (i.e., people, things, enterprises) sharing standardized digital platforms to interact with one another to fulfill some commercial or civic purpose," is a critical trend in cybersecurity. Increasingly, cybersecurity must be responsible for the safety not only of data, but also actual people and real environments. Security in digital ecosystems must be developed to ensure the privacy and safety of individuals, as "safety, privacy, and reliability are also a part of cybersecurity." Consumers are expected to become more vocal in their need and expectation for security in the digital ecosystem.

OUTGOING TRENDS

Our findings revealed that outgoing trends in the field of cybersecurity in 2017 and beyond include insider risk analytics, threat intelligence, and bug bounties. Only 41 percent of cybersecurity investments in 2016 were made for insider risk analytics, while threat intelligence and bug bounties spending accounted for 38 percent and 20 percent of cybersecurity investments, respectively.

EXAMPLES OF CYBERSECURITY INVESTMENTS

In selecting an enterprise-class cybersecurity company in the United States, clients seek industry expertise, a broad spectrum of services to ensure transformational change, the use of AI to reduce complexity, and scalability of solutions and products. To provide some practical examples of enterprise-class cybersecurity companies and their current cybersecurity focuses, we identified the top three public cybersecurity companies as IBM Security, Raytheon Company, and Mimecast.

Areas of focuses for IBM Security include security intelligence and analytics, identify and access management, application security, advanced fraud protection, data security and privacy, and infrastructure protection. Raytheon Company is focusing on cybersecurity assessments, virtual security operations center, digital forensics and incidents response, and managed detection and response. Mimecast appears to be investing primarily in email and data security at this time.

CONCLUSIOn

In summary, the top five trends for cybersecurity companies in the United States in 2017 and beyond are the need for improved technical prowess in the field of cybersecurity, increased emphasis on cloud security, a proactive approach to threat detection and response, the rise of development operations centers, and the development of cybersecurity in the digital ecosystem.
Part
04
of four
Part
04

Enterprise cybersecurity industry

Introduction

Multiple industry reports confirm that spending on cybersecurity is set to increase, with the industry expected to grow in general in coming years. Nonetheless, projections over net growth vary given the fast-paced nature of growth to date, making it difficult for analysts to calculate rates with total accuracy.

Meanwhile, large cybersecurity companies are anticipated to occupy a greater share of the market in the near future. More companies are also predicted to contract cloud-based cybersecurity systems to protect their businesses from cybercrime over the coming years.

Growth Trends

According to a 2016 research paper carried out by Morgan and Stanley, investment in cybersecurity is expected to grow substantially in the near future. The report's findings state that both private companies and the national United States government are deciding to invest more of their budget in cybersecurity, given the increasing severity, frequency and costly nature of cyber attacks.

Data provided by Statista also showed that in 2017, spending on cybersecurity in the United States reached USD$60 billion, a figure which Morgan and Stanley said could double by 2020. Global spending on cybersecurity in 2017 was estimated at USD$120 billion, according to Cyber Security Ventures, making the US market the largest internationally.

Cyber Security Ventures also predicts that 12-15 percent year-on-year market growth until 2021, though other industry analysts expect the market to grow by a lower rate of 8-10 percent over the next five years. The company also attributes this growth to the growing levels and increased sophistication of cyber crime, but also to the rise in the number of devices which require some level of cyber protection, including tablets and smartphones.

Spending Trends

A February 2016 SANS Institute report on IT security expenditure recorded that the top three reasons driving enterprise spending on IT security are 1) the protection of sensitive data (63%), 2) compliance with industry regulations (56%) and 3) reducing incidents and breaches. Similarly, the study found that respondents spent the majority of their IT security spending on protection and prevention (72.4%) and detection and response (62.8%).

Meanwhile, nearly half (48%) of respondents in the SANS study said they allocated more than 11% of their IT security budgets to employing in-house staff. Enterprises also favored spending on more traditional methods of preventing cyber attacks, with expenditure on access and authentication (88.1%) and advanced malware prevention (80.2%) technologies coming out on top.

The SANS report was based on a survey of respondents across five industries, including in Financial services/Banking/Insurance, Technology/IT services, Government, Education and Healthcare, of which 72 percent were based in the US.

Cloud Cybersecurity to Grow

Though the SANS Institute states that the majority of IT security expenditure is spent in-house, the company anticipated in a separate 2017 report that cloud cybersecurity would grow in response to demand from companies, which are increasingly using mobile devices and cloud services.

Likewise, the PwC's 2016 Global State of Information Security Survey showed that nearly 70 percent of respondents said their company was already using cloud-based cybersecurity services to meet part of their cybersecurity needs.

Shift to Improve Cyber Protection Software

In addition, in an evaluation of future directions in the cybersecurity industry, Morgan and Stanley concluded that a "paradigm shift" was needed. In particular, the company said providers should concentrate on improving existing software, while companies should steer clear of the current practice of "layering" several types of security software, which they deemed inefficient.

The study suggests that in the future, IT security providers will concentrate on updating their hardware and software packages, while companies will seek out providers that can efficiently meet all of their cybersecurity needs.

Large competitors poised to take greater share of market

In the list below, Bessemer Venture Partners ranks the fourteen US IT security companies with more than $1 billion in market capitalization.

In the near future, Morgan and Stanley predicts that larger security providers will garner a greater share of the market as enterprises choose to contract what they perceive as more efficient providers. The company estimates that the largest five cybersecurity providers will grow their market share from 26 to 40 percent in coming years.

1 Symantec Corp. SYMC $17,1
2 Check Point Software Technologies Ltd. CHKP $16,9
3 Palo Alto Networks PANW $13,3
4 Splunk Inc. SPLK $11,5
5 VeriSign Inc. VRSN $11,4
6 Fortinet Inc. FTNT $7,7
7 Gemalto GTO $4,8
8 Proofpoint PFPT $4,1
9 Qualys QLYS $2,7
10 FireEye Inc. FEYE $2,5
11 Mantech International Corp. MANT $1,9
12 Barracuda Networks Inc CUDA $1,5
13 CyberArk Software, Ltd. CYBR $1,4
14 Imperva Inc. IMPV $1,3

Conclusion

To summarize, the cybersecurity industry is fast-growing, with spending on IT security expected to reach USD$120 billion in the US by 2020. Both companies and national governments look set to spend an increased percentage of their annual budgets on cybersecurity, as cybercrime becomes more sophisticated and attacks increase. Meanwhile, a rise in the use of cloud services and mobile devices among businesses means that cybersecurity companies will most likely be developing more enhanced cloud cybersecurity in the coming years. Larger cybersecurity providers are also expected to increase their market share significantly.

Sources
Sources