Fifteen VARs account for more than a third of western European cybersecurity market

A third of western Europe’s cybersecurity market is served by only 15 security-focussed VARs, according to a report by PwC.

The remaining 66 per cent represents a “fragmented” cybersecurity market, consisting of small security VARs that “have not significantly extended the breadth of their capabilities,” beyond basic product resale and implementation, PwC states.

“An opportunity exists to fill this demand gap via a mix of organic growth and M&A, notably by… supplementing security services offerings to include managed security services and selling to increasingly large customers, including on a pan-European basis more akin to SIs or Telecom operators,” said the report.

The report suggests that the European cybersecurity market was worth $22bn (€20.57bn) in 2016, and is expected to grow eight per cent per annum to $25.3bn leading up to 2018. Furthermore, the report claims that 63 per cent of organisations that are currently not outsourcing managed security services are planning to do so within the next three years.

Out of 10 cybersecurity buyers surveyed by PwC, eight said that they see value in there being more pan-European service providers, as they offer a broader range of products and services, greater country-to-country consistency and better value for money.

“As solutions become increasingly complex, the cyber security industry is responding. Service providers who are able to complement vendor’s ‘off-the-shelf’ products with proprietary and/or bespoke solutions are taking the lead. In particular, specialist security service providers, with managed security service (MSS) capability and cross-border footprints, appear best-positioned to address customers’ fast-evolving needs,” the report states.

PwC singles out SecureLink, the security arm of services powerhouse NCC, and NTT Com Security as the European market’s early MSS frontrunners. SecureLink has made six acquisitions since 2012: ISSC in 2012, Raido in 2014, Zion Security in 2015 and CoreSec, Nebulas and iT-CUBE in 2016.

NCC Security has meanwhile bagged eight firms over the last six years: Axzona in 2011, Intrepidus Group and Matassano in 2012, FortConsult in 2014, Fox-IT and Accumuli in 2015 and Viritual Security Research and Payment Software Company in 2016. Lastly, NTT Com Security has swooped on three firms during the same time frame: Secode in 2011 and Infotrust and BDG in 2014.

“NCC and SecureLink, in particular, have outperformed the market to become the two largest independent European service providers, smaller only than NTT-owned NTT Com Security,” the report reads.

While NCC’s security arm has grown its headcount to a present-day 978 employees across 14 countries worldwide, SecureLink has grown its employee base to 625 across nine countries. SecureLink has seen a year over year revenue growth of 21 per cent, next only to NCC which registered 30 per cent, according to the report.

The report concluded: “The cyber security industry is responding to the increasingly complex cyber threat environment in which organisations now find themselves. Service providers such as NTT, NCC and SecureLink are early frontrunners, proof of the ability of security-focussed service providers to grow beyond specific local markets through a mix of organic growth and M&A.

“These specialist providers appear well positioned to be able to meet customer needs, while operating in a way that provides comfort around their long-term financial stability, and indeed growth, going forward.”


Leave a Reply