Steve Morgan is founder and editor-in-chief at Cybersecurity Ventures, one of the world’s leading researchers and publishers of reports covering global cybercrime damage projections, cybersecurity spending forecasts, and cybersecurity employment figures. This is what he says about the industry.
What cybersecurity firms are going to be really popular in the coming decades?
Over the past 3 years we’ve seen two tech giants emerge as cybersecurity market leaders: Cisco and IBM. They each have security businesses which generate roughly 2 billion dollars annually. In the last quarter alone (Q3 16) the two grew by another 10 per cent. We expect that Cisco and IBM will continue leading the market and acquiring niche players.
Other large participants will join. Microsoft has acquired several cybersecurity companies over the past two years, but they haven’t presented a cohesive business strategy to the market yet. We expect they will do that, and raise up a formidable cyber division comprised of products and professional services. Oracle made a heavy push into cybersecurity this year with their acquisition of Dyn, the leading enterprise DNS company with 3,500 enterprise customers.
Unisys has built up significant cyber security resources and is likely to emerge as a more prominent brand in cyber. In short, it is the large tech companies who will dominate cyber over the next decade. Some will grow organically, others will be acquirers. Cisco and IBM are the only two right now who have clearly defined and sizable security business units which can be real market consolidators.
With the rise of cyber threats, what kind of companies will flourish?
The cybersecurity industry has built up mainly around product oriented companies. It is still a cottage industry segmented into number categories. The cybercrime epidemic is driving the market towards companies with human resources – namely those focusing on advisory and consulting, specialized outsourced cyber defense services, and productized Cybersecurity-as-a-Service — CaaS – offerings.
Organizations are suffering through a prolonged cybersecurity workforce shortage and their needs have switched from technology to people. Product companies will struggle as the market is over saturated with new entrants. Service companies with highly specialized personnel.
Come 2035, what will cyber warfare look like? Possible losses in global profits? Will governments around the world be ready to fight back?
Our sources predict global annual cybercrime costs will grow from $3 trillion in 2015 to $6 trillion annually by 2021, which includes damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
Global spending on cybersecurity products and services for defending against cybercrime is projected to exceed $1 trillion cumulatively over the next five years, from 2017 to 2021.
In short, World War III is upon us… and it is cyber. This projects through 2035 and beyond.
Any thoughts on cyber threats to India and what can India do to really strengthen its digital artillery?
India is an emerging economy, which means they have an emerging cyber attack surface. Cyber attacks on Indian businesses and government sites are doubling year over year, according to our sources.
India appointed its first CISO (Chief Information Security Officer) recently, which was an important step for the country. India has also wisely partnered with the U.S. and the U.K. on cybersecurity initiatives. To further strengthen its cyber defense capabilities, India needs to train its young people on cyber and graduate more security specialists from its higher education system.
India has historically produced top computer science graduates which demonstrates the nation’s ability to educate their students on technology. Now the focus needs to shift from software development to cybersecurity.