


New Cyber Opportunities: Security Business is Growing and Changing

Mar 19, 2011 | 5 mins
Data and Information Security, IT Leadership

Over the past few weeks there have been two very different reports released that offer helpful insights and answer important questions regarding the red hot cyber security market. Evidence is everywhere regarding the growing importance of cyber security – from college students looking for jobs to mobile computing and cloud computing companies that are trying to fill in their product lines with security offerings that get noticed.  

While everyone knows that the cyber security market is hot, how big is the global cyber security industry and how fast is it growing? The first briefing answers these and related business questions and gives recommendations for companies that are active in this space. It comes from Frost and Sullivan, and this analyst briefing by Balaji Srimoolanathan is offered for free by Bright TALK (registration is required). The session is entitled: Cyber Security – From Luxury to Necessity.

After describing cyber security definitions, describing threats and defining some basic industry terms, the presentation covers the global roles that various companies have taken regarding cyber security. He described our current period as an early industry phase with radical product innovation. I won’t be covering details of his proprietary material here – but a global forecast is provided in detail by region. During the Q/A session at the end, the presenter did offer these ballpark numbers:

The cyber security end-to-end market was $40 billion (US) in 2010, up from $34 billion (US) in 2009. He predicts that between 2011 and 2015 the market will grow to somewhere between $60 and $120 billion annually, depending on a variety of factors.

Of course, there are many ways to measure and define the security markets, and other analysts certainly have different financial projections. Still, it is helpful to watch this presentation, in my opinion. I learned quite a bit about the business side of cyber security, as well as why so many companies are getting into, or expanding in, this field. More than that, it puts some figures behind the numerous headlines coming out of Washington D.C. and Silicon Valley.   

The second briefing is actually a white paper that was produced for a wide variety of groups, including BSA, CDT, Tech America, ISA and others, who offer an interesting defense of our current cyber model going forward, entitled: Improving our Nation’s Cybersecurity through the Public-Private Partnership. Here are a few excerpts from their summary of the recommendations:

 “Risk Management:

o Standards: Government and industry should utilize existing international standards and work through consensus bodies to develop and strengthen international standards for cybersecurity.

o Assessing Risk: Government and industry need to recognize that their risk management perspectives stem from different roles and responsibilities….

o Incentives: Government and industry must develop a menu of market incentives to motivate companies to voluntarily upgrade their cybersecurity….

 – Incident Management: Government should fully establish industry’s seat in the integrated watch center and begin evaluation and process for growing industry’s presence. Industry should ensure a long-term plan for filling the watch center seats; and participants should report lessons learned from collaborative exercises as soon as possible and undertake improvement measures on a timely basis.

 – Information Sharing and Privacy: Government and industry should clearly articulate information needs and how to promote more effective information-sharing to address those needs… Congress should consider whether narrow adjustments to surveillance laws are needed for cybersecurity purposes.

 – International Engagement: Industry and government need to engage international organizations and standards-making processes and work together to develop a strategy for engagement, capacity building, and collaboration on issues of global concern.

 – Supply Chain Security: Government should expand its participation in the international system that develops supply chain security standards and work with industry to identify and disseminate them. Government should then leverage these standards when it acquires technology and take steps to ensure it does not acquire counterfeit technology products.

 – Innovation and Research and Development: The public-private partnership should be used to create a genuine National Cybersecurity Research and Development Plan with prioritized, national-level objectives and a detailed road map that specifies the respective roles of each partner….

 – Education and Awareness: The public-private partnership should enhance cybersecurity public awareness and education, and increase the number of cyber-professionals available to both government and business….”

 This second report is significant in that it offers a view of the way forward for the industry in the US over the next decade. In contrast, there may be government regulations coming that are opposed by these groups. These new laws may mandate more direct action by the private sector to protect critical infrastructure as well as control what happens in certain cyber emergencies. Here’s an excerpt from an article on this subject:

 “The bill, the Executive Cyberspace Coordination Act, would give the Department of Homeland Security (DHS) the authority to establish “risk-enforced security practices and standards for critical infrastructure”, according to a summary of the legislation issued by Langevin’s office.

DHS would have the authority to create, verify, and enforce measures to protect information systems that control critical infrastructure. And the department would have the power to determine what critical infrastructure would be covered by the legislation.”

 Taken together, I believe that two things are clear. First, the cybersecurity market is hot and getting hotter. Second, there are serious disagreements over what that future will look like.

Any thoughts on either of these reports?  


Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan State Government. Dan was named: "CSO of the Year," "Public Official of the Year," and a Computerworld "Premier 100 IT Leader." Dan is the co-author of the Wiley book, “Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering From Inevitable Business Disruptions.” Dan Lohrmann joined Presidio in November 2021 as an advisory CISO supporting mainly public sector clients. He formerly served as the Chief Strategist and Chief Security Officer for Security Mentor, Inc. Dan started his career at the National Security Agency (NSA). He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US / UK military facility. Lohrmann is on the advisory board for four university information assurance (IA) programs, including Norwich University, University of Detroit Mercy (UDM), Valparaiso University and Walsh College. Earlier in his career he authored two books - Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD For You: The Guide to Bring Your Own Device to Work. Mr. Lohrmann holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.
