Predictions, schmedictions. The media is chock-full of them this time of year. So, we'll spare CSO readers from another look into the crystal ball. Instead here's some reality on how the cybersecurity industry looks as we enter the next calendar year.
In a nutshell, big tech goes big cyber in 2018. Just about every major technology brand has advanced their position in cyber during 2017 — via product and service innovation, merger and acquisition activity, or simply reprioritizing the importance of security to its overall mix.
Cybersecurity has long been a cottage industry composed of small point product companies, regional and national service providers, and a short list of unicorns (pure-play cyber firms with a market cap of $1 billion or more).
Recent estimates by Cybersecurity Ventures puts global spending on cybersecurity at $1 trillion cumulatively over the five-year period from 2017 to 2021.
The cyber crime epidemic — which is expected to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015 — is fueling the market for cyber defense solutions. Add in the growing compliance mandates, including GDPR and its May 2018 deadline, and the cybersecurity market figures will rise to dizzying heights over the next decade.
Who's who in cybersecurity
Here's a short list of what big tech companies have done lately — in their quest to push deeper into the rapidly expanding cybersecurity market:
Accenture — Healthcare is the most hacked industry, and Accenture takes its temperature, reporting a whopping 83 percent of U.S. physicians have suffered a cybersecurity attack. The professional services giant provides a full range of security services to healthcare providers, not to mention most other verticals.
Amazon — With its new GuardDuty offering, and large enterprises such as GE deploying the service globally in a single day, Amazon Web Services (AWS) is a force to be reckoned with in the cybersecurity space.
Apple — Face ID — the new facial recognition technology from Apple — replaces Touch ID for unlocking the iPhone and for mobile payment authentication, baking more security into the iPhone X smartphone. Make no mistake about it; Apple is all about privacy and security — and with the passage of time, customers will become less dependent on add-on apps for identity and access management (IAM).
Cisco — The networking giant has a formidable $2 billion-plus cybersecurity business, and they're moving into the smartphone security space, focusing on the growing malware and ransomware threat to iPhones. Mobile net traffic now exceeds desktop traffic — and Cybersecurity Ventures predicts Wi-Fi and mobile devices will account for nearly 80 percent of IP traffic by 2025. If anyone wants to know where the cybersecurity market is heading, they should follow Cisco.
Dell — While Dell has spun out (and sold off) sizable security businesses, it's giving birth to new ones. One of the latest, Dell Data Guardian, part of the Dell Data Security Solutions portfolio, is a groundbreaking document security solution in a huge market. The Dell Technologies portfolio includes SecureWorks — which IPO'd last year — and RSA, its crown jewel of security.
Facebook — CEO Mark Zuckerberg said Facebook is doubling its security engineering team to 20,000 people and doubling its technology investments to detect cyber threats — to the point where it will significantly impact their profitability going forward. Facebook is all about security in 2018, and its users are warm to the idea of more protection from them — which may squash some social media security aftermarket products.
Fujitsu — The U.K. is helping to power Fujitsu's cybersecurity business and will continue to do so in 2018. Hacks and breaches on U.K. organizations and the looming GDPR deadline are areas of focus for Fujitsu, which announced an expanded release of its Cyber Threat Intelligence platform at the recent Fujitsu Forum 2017 in Munich. Although Fujitsu serves customers globally, the U.K. looks to be a springboard into the broader European region.
Google — Gmail's built-in phishing detection and ransomware defense is luring businesses to switch email platforms. Organizations of all size and type are looking for email security, and Google is delivering big time. The Yahoo hack has sent a large base of consumer defectors over to the Gmail camp. Google has a reputation for secure platforms and apps, and email remains at the top of the list for its user base. This may spell trouble for point vendors, which are dependent on insecure email platforms in order to sell their wares.
HPE — A special report from Reuters said HPE let Russia scrutinize a cyber defense system used by the Pentagon. Notwithstanding, numerous security experts dispelled any interpretation of wrongdoing on HPE's part (there was none). More importantly, the report drew attention to HPE's ArcSight and it's major market penetration in the U.S. military, including the Army, Air Force and Navy, as well as the private sector.
Hitachi — The new Hitachi Vantara business launched earlier this year and is focused on four hot cybersecurity categories for 2018: Internet of Things (IoT), artificial intelligence (AI), blockchain and biometrics. Hitachi recently hired the ex-product development and product management lead for IBM Watson — which has been touted as the centerpiece of Big Blue's cybersecurity vision.
IBM — Security is a $2 billion-plus business for IBM, and all signs point to continued growth in that market for Big Blue. In 2015, IBM Chairman, President and CEO Ginni Rometty said, "Cybercrime Is the greatest threat to every company in the world." And IBM Security has put the pedal to the metal in security ever since. Last year IBM pitted its star pupil, Watson, against hackers in the war against cyber crime. Now the company is saying AI is the future of cybersecurity.
Intel — To some, Intel's big news in security this year was the spin out of its McAfee business, which became an independent cybersecurity company. But the chip giant's more important news is its eye-popping $15 billion acquisition of Mobileye, an Israeli automotive security company that has an installed base of nearly 15 million vehicles. Ninety percent of cars are expected to be online by 2020, and Intel plans to equip the lions share of them with collision avoidance technology. Out with the old, and in with the new — Intel is a hotter than ever in cybersecurity.
Microsoft — The Redmond giant employs 3,500 security professionals globally, and it spends $1 billion annually in the security field. Some of their cyber build up has come via acquisitions of several impressive Israeli security companies. Microsoft may have been late to the internet party, but they are right on time for cybersecurity. They've cooked security into their market-leading platforms, while quietly building up an arsenal of cybersecurity services that rivals the best in the industry.
Oracle — Anyone who thinks Larry Ellison is so busy yachting that he's not paying attention to the burgeoning cybersecurity market should think again. Oracle's CEO had a lot to say about winning the cybersecurity war at this year's OpenWorld event. The new Oracle Identity Security Operations Center (SOC) portfolio of services and Oracle Management Cloud will help enterprises forecast, reduce, detect and remediate cybersecurity threats.
Samsung — The semiconductor maker has stated that as the benefits of IoT devices grow, so does the importance of security throughout the network that spans from cloud, servers and hubs to the individual connected devices. With hundreds of billions of new IoT devices connecting to the internet over the next few years, Samsung is poised to push well beyond its smartphones in the cybersecurity market. There's a chip in every Thing, and Samsung knows how to wrap security around silicon as well as anyone.
Symantec — The world's biggest security software company is all in. Symantec dropped everything in order to focus its energy solely on combating cyber crime. So far, they're the only multi-billion-dollar company to do so. Time will tell if the market has an appetite for more supersize security companies. Symantec figures to be a market consolidator alongside the big tech brands.
The Big 4 — Deloitte / PwC / EY / KPMG — The Big 4 have all grown their security businesses in 2017, and they will continue pushing hard into the market in 2018. The convergence of compliance and cybersecurity bodes well for the Big 4, which are all well positioned to help organizations globally come into GDPR compliance. Bean counters know cyber, and the math says the Big 4 are collectively generating billions of dollars in cybersecurity revenues. Cross training CPAs onto cybersecurity to cope with compliance is similar to cross training IT pros on the network and application side of things. The market is hungry for cyber talent, and the Big 4 have lots of it.
Defense contractors — Raytheon / BAE / Lockheed / Boeing / General Dynamics / Northrop Grumman / United Technologies / L-3 — The top 5 defense contractors bungled the cybersecurity opportunity in the past. But they're pushing back into the market in various ways, and we'll take a look at that in an upcoming story. The defense contractors employ some of the top people in cybersecurity, many of them with ex-military experience, and worthy competitors in the cybersecurity market — especially in the federal sector.
The big tech coverage here is by no means a complete list. It's hard to name a large tech company without some presence in cybersecurity.
So, what happens to all the niche companies in cybersecurity? While some will surely be acquired by big tech companies, most have opportunities to continue growing on their own. There's dozens of high-flying point players right now — many of them clustered in the hottest areas such as managed security service providers (MSSPs), identity and access management (IAM), ransomware prevention, and security awareness training for employees.
There will be a continual stream of new market entrants funded by VC and corporate investments into cybersecurity startups, much like we've seen over the past four years.
Cybersecurity is the fastest-growing tech sector, and there's lots of headroom for big tech and pure-play cyber firms to grow. While all other tech sectors are driven by a need to reduce inefficiencies, increase productivity, better serve customers, and improve profitability — cybersecurity is driven by cyber crime. That's a huge difference, which has created a huge market.
Cybersecurity market watchers should keep a close eye on big tech companies in 2018.
* Pure-play cybersecurity companies (i.e. FireEye, Palo Alto Networks, etc.) are absent from this analysis and will be covered in an upcoming story.
Visit SteveOnCyber.com to read all of my blogs and articles covering cybersecurity.
Follow me on Twitter @CybersecuritySF, or connect with me on LinkedIn. Send story tips, feedback and suggestions to me here.