MARKET SIZING & PROJECTIONS
The worldwide cybersecurity market is defined by market sizing estimates that range from $71 billion in 2014 to $155+ billion by 2019.
- Worldwide spending on information security was expected to reach $71.1 billion in 2014, with the data loss prevention segment recording the fastest growth at 18.9 percent, according to a forecast from Gartner, Inc.Total information security spending is expected to grow a further 8.2 percent in 2015 to reach $76.9 billion.
- The Cyber Security Market 2015-2025: Leading Companies in Network, Data, Endpoint, Application & Cloud Security, Identity Management & Security Operations report by Visiongain (News - Alert) indicates that the cyber security market is set to be worth $75.4 Billion in 2015 (a small % difference compared to Gartner’s estimate for 2015), as high-demand continues for information security solutions.
- The cyber security market is estimated to grow to $155.74 billion by 2019, at a Compound Annual Growth Rate (CAGR) of 10.3 percent from 2014 to 2019, according to a report from Markets and Markets. The aerospace, defense, and intelligence vertical continues to be the largest contributor to cybersecurity solutions. North America is expected to be the biggest market, while the APAC and EMEA regions are expected to experience increased market traction.
“Next generation” cybersecurity spending could reach $15 billion to $20 billion in the next 3 years.
- FBR Capital Markets was quoted in a recent CIO Journal (published by The Wall Street Journal) article as predicting a 20% increase in “next-generation cybersecurity spending” this year (2015), as companies move beyond traditional firewall and endpoint vendors to cloud and Big Data solutions.
- About 10% of enterprises and government agencies have upgraded to next-generation security software, such as firewalls that detect and block threats at the application level, or Big Data analytics services geared toward security, said FBR Capital Markets Managing Director and Senior Research Analyst Daniel Ives. “The market for those software tools could be $15 billion to $20 billion over the next three years” added Ives.
- “Hackers and nation states are increasingly targeting websites in an attempt to gain illicit access to enterprise networks and highly valuable digital assets,” said Frost & Sullivan (News - Alert) Network Security Senior Industry Analyst Chris Rodriguez (Apr. 2015). “Since Web applications present a number of unique security challenges that require purpose-built security solutions, such high profile data breaches have piqued the demand for WAF (web application firewall) systems. The worldwide market is expected to reach $777.3 million in 2018.”
- One of many next generation vendors who are making waves is Spikes Security, based in Los Gatos CA, who is listed at #116 on the Cybersecurity 500 list of the hottest and most innovative cybersecurity companies in the world. Their CEO Branden Spikes served as the chief technologist for Elon Musk, one of the world’s most successful entrepreneurs, engineers, inventors and investors, for over 15 years at Zip2, PayPal (News - Alert), Tesla, andSpaceX. Spikes Security has a unique platform for isolating and eliminating browser-borne malware.
Global spending on mobile and network security estimated at $11 billion annually, and growing.
- According to Gartner, nearly 2.2 billion smartphones and tablets were sold to end users in 2014. Gartner predicts that by 2017, nearly 75% of mobile security breaches will be the result of mobile application misconfiguration.
- “In 2014 in the US, mobile web traffic exceeded desktop web traffic for the first time as mobile has become the most convenient and cost-effective way to get online” says Yuval Ben-Itzhak, Chief Technology Officer at AVG Technologies, one of the largest providers of consumer security, privacy, performance and backup mobile applications and software for Windows, iOS and Android devices. “So in 2015, we will see mobile apps becoming the primary target for hackers, with apps left unmaintained by developers in App Stores being among the most vulnerable” he says.
- According to Ernst & Young’s (EY) 2014 Global Information Security Survey, security teams’ biggest increases in spending will revolve around mobile technology (46%), followed by cloud and virtualization (43%), data leakage (41%) and identity and access management (39%)
- According to Infonetics Research, the mobile device security market is expected to grow to $3.4 billion in 2018.
- The Mobile Security (mSecurity) Bible: 2014 – 2020 – Device Security, Infrastructure Security & Security Services report published by SNS Research estimates that mobile device and network security investments accounted for nearly $11 Billion in 2014 alone. The market is further expected to grow at a CAGR of nearly 20% over the next 6 years.
- According to SNS Research, installation of anti-malware/anti-virus client software is fast becoming a de-facto requirement for most smartphones and tablets. Furthermore, mobile device OEMs are also integrating advanced biometrics such as fingerprint sensing into their smartphones and tablets, amid growing popularity of security sensitive opportunities such as mobile payments.
- There’s a tidal wave of opportunity for mobile security firms with the right strategies and offerings. One company riding the wave is SnoopWall, Inc., the world’s first counterveillance software development company focused on mobile app security. “Mobile-device security will become the top requirement this year (2015) for mobile banks, retailers and wallets as they move all their transactions into our space,” says Gary Miliefsky, SnoopWall’s CEO. “That’s why we developed our SDK, to provide protection for their apps against the hundreds of millions of pieces of undetectable malware disguised as free trustworthy apps — just waiting to steal valuable personally identifiable information in the blink of an eye.” SnoopWall is listed at #90 on theCybersecurity 500.
Security will become the killer app for big data analytics.
- The big data and analytics market will reach $125 billion worldwide in 2015, according to research firm IDC.
- Big data analytics tools will be the first line of defense, combining machine learning, text mining and ontology modeling to provide holistic and integrated security threat prediction, detection, and deterrence and prevention programs, according to recent predictions by The International Institute of Analytics (IIA).
- The Internet of Things (IoT) analytics will be hot, with a five-year CAGR of 30%, according to IDC. IoT will be the next critical focus for data/analytics services, according to IDC. While the IoT trend has focused on the data generation and production (sensors) side of the equation, the “Analytics” of Things is a particular form of big data analytics that often involves anomaly detection and “bringing the data to the analytics” according to The International Institute of Analytics (IIA)
- “Cybersecurity Ventures is expecting the big data security analytics” space to be very competitive with even more new entrants over the next year and a crowded field of vendors battling for market share” says Steve Morgan, Editor-in-Chief of the Cybersecurity Market Report. “It is a converged space with established companies coming in from different sectors and viewpoints (big data, analytics, network monitoring, logging, etc.), plus pure-play VC funded startups” adds Morgan.
- Privately held Lancope, Inc., based in Alpharetta GA, is the #2 listed company on the Cybersecurity 500. “In a space that includes so many vendors and different types of defensive technologies, Lancope is thrilled to be recognized among the top 10 cybersecurity providers for our innovation in leveraging the network as a sensor to deliver context-aware security analytics,” said Mike Potts, president and CEO of Lancope. “Relentless pursuit of network visibility and an unwavering dedication to solving our customers’ most difficult security problems have always been the cornerstone of our business. We are delighted to have received such a strong affirmation of our strategy from Cybersecurity Ventures and the many security practitioners they consulted to create this listing.”
- Splunk is a well known hot player in the big data space, and now the big data security analytics space – listed at #29 on the Cybersecurity 500. Splunk continues to expand their business with market specific and verticalized solutions for security and fraud, and IoT and industrial data.
- Ziften, #44 on the Cybersecurity 500 is another company to watch. Their groundbreaking solution provides continuous real-time visibility and intelligence, enabling incident prevention, detection, and response. Leveraging Splunk’s unique big data analytics capabilities as well as completeness of coverage in security, the Ziften for Splunk App is able to provide native integration of comprehensive endpoint visibility into Splunk, with the ability to combine that information with threat feeds and network intelligence for an end-to-end view of indicators of compromise.
- UK based Silobreaker, #132 on the Cybersecurity 500 is an up-and-coming cybersecurity analytics vendor getting a lot of attention from IT security practitioners. “Silobreaker has emerged as a leader for cyber open source intelligence by analyzing and contextualizing vast quantities of data to provide the bigger picture, beyond the technical parameters of cyber events” says Kristofer Månsson, Co-Founder and CEO at Silobreaker.
Cybercrime is on the rise and costing the world economy hundreds of billions of dollars annually.
- Companies across all industries worldwide have reported a total of 42.8 million detected attacks in 2014, according to the PWC Global State of Information Security Survey 2015. That’s a 48 percent increase in incidents since the prior year.
- Crime involving computers and networks has cost the world economy more than $445 billion annually, according to a 2014 report by the Center for Strategic and International Studies.
- The Justice Department (DOJ) has recently created a dedicated cybersecurity unit within its criminal division. “Given the growing complexity and volume of cyberattacks, as well as the intricate rubric of laws and investigatory tools needed to thwart the attacks, the cybersecurity unit will play an important role in this field” said Assistant Attorney General Leslie Caldwell during a speech at Georgetown University’s law school. The new DOJ cyber team will “ensure that the powerful law enforcement tools are effectively used to bring the perpetrators (of crimes) to justice while also protecting the privacy of everyday Americans” added Caldwell.
- Investigating cyber crimes—such as website hacks, intrusions, data theft, botnets, and denial of service attacks—is a top priority for the FBI. To keep pace with the evolving threat, the Bureau is appealing to experienced and certified cyber experts to consider joining the FBI to apply their well-honed tradecraft as cyber special agents. “The FBI seeks highly talented, technically trained individuals who are motivated by the FBI’s mission to protect our nation and the American people from the rapidly evolving cyber threat,” said Robert Anderson, Jr., executive assistant director for the Bureau’s Criminal, Cyber, Response, and Services Branch. “What we want are people who are going to come and be part of a team that is working different, very complex types of investigations and to utilize their skillsets in that team environment.” (source: fbi.gov)
- Cybercrime is generating market opportunity for small cyber specialty companies – like fast growingAutonomic Software in Danville CA, who is #40 on the Cybersecurity 500 list. “We are in the midst of tripling our revenues from year end 2014″ says Tony Gigliotti, President at Autonomic Software. “We are currently working with one of the world’s largest companies on unique ways to apply critical security updates to control process equipment, as well as U.S military allies for securing core I.T. applications. Our technology eliminates over 80% of all successful cyber attacks.”
- Another cyber fighter gaining market attention is Waltham MA based Cryptzone, #48 on the Cybersecurity 500. “With the proliferation of cyberattacks, organizations are increasingly seeking out trusted partners who can provide them with a layered approach to security to stop attackers at every vulnerable organizational entry point,” said Kurt Mueffelmann, president and CEO at Cryptzone. “We are honored to be recognized for efforts to resolve multi-faceted and layered issues that security has presented for today’s organizations.”
- As cybercrime costs the world economy billions, and helps create billions in revenue opportunity for vendors and service providers, cybercrime is also having a negative impact on companies seeking investment capital. According to new research from business consultancy KPMG, nearly 80% of investors would be put off investing in a business if it has been hacked or has an ineffective cybersecurity strategy. KPMG interviewed over 130 global institutional investors responsible for more than $3 trillion of funds. “Investors are looking for cyber-resilient organizations as a means to gain comfort around the growing concern of their business and to protect their investment” said Matthew Martindale, director at KPMG.
Demand for (U.S.) information security professionals is expected to grow by 53 percent through 2018.
- More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74 percent over the past five years, according to a Peninsula Press (a project of the Stanford University Journalism Program) analysis of numbers from the Bureau of Labor Statistics. The demand for information security professionals is expected to grow by 53 percent through 2018.
- Demand for cybersecurity professionals over the past five years grew 3.5 times faster than demand for other IT jobs and about 12 times faster than for all other jobs, according to a 2014 report by Burning Glass Technologies in Boston.
- Channel Partners reported that The Pentagon plans to triple its cyber workforce, the FBI’s Cyber Divisionplans to hire 1,000 agents and 1,000 analysts, and The U.S. Department of Homeland Security (DHS) is hiring 1,000 cybersecurity professionals.
- The FBI wants to grow to meet tomorrow’s challenges. “We’re looking to hire a lot of cyber agents now,” said Robert Anderson, Jr., executive assistant director for the Bureau’s Criminal, Cyber, Response, and Services Branch. “It’s an area where the FBI and the whole U.S. government will be looking for this talent for years to come.” Key requirements to be a special agent include passing a rigorous background check and fitness test. Agents must be at least 23 and no older than 37. Prospective cyber special agents are expected to meet the same threshold as special agents, but also have a wealth of experience in computers and technology. Preferred backgrounds include computer programming and security, database administration, malware analysis, digital forensics, and even ethical hacking. (source: fbi.gov)
- A recent BloombergBusiness article highlights that cybersecurity firms have hired hundreds of ex-government hackers over the last couple of years. The former government spies and hackers are now moving to the front lines of the cybersecurity services industry. FireEye, a cybersecurity market leader, has hired more than 100 ex-government hackers since 2013, according to CEO and Chairman of the Board David DeWalt.
- U.S. News and World Report ranked a career in information security analysis eighth on its list of the 100 best jobs for 2015. They state the profession is growing at a rate of 36.5 percent through 2022.
- Cybersecurity Ventures has launched a Directory of Top Cybersecurity Recruiters Globally, a community resource for sales and marketing executives, engineers and technical people, and senior managers looking for career opportunities. The directory is also geared to corporations seeking staffing assistance for CISO (Chief Information Security Officer) and IT security positions, as well as cybersecurity vendors and service providers who need help finding experienced personnel or recruiting C-level candidates.
EDUCATION & TRAINING
Fast Growing Security Awareness Training Market Exceeds $1 Billion Globally
- The importance of computer security awareness training is supported by numerous recent reports includingIBM’s 2014 Cyber Security Intelligence Index which found that 95% of all security incidents involve human error.
- Gartner, Inc. research Vice President Andrew Wells said the security awareness training market exceeds $1 billion in annual revenue (globally), and is growing approximately 13% year.
- According to Gartner, based in Stamford CT, employees’ actions can detrimentally impact security and risk performance. CISOs and employee communication leaders are increasingly turning to educational security awareness solutions to help improve organizational compliance, expand security knowledge and change poor security behaviors.
- In the 2014 U.S. State of Cybercrime Survey – co-sponsors included Carnegie Mellon University and the Secret Service – 28% of cybersecurity incidents were blamed on current or former employees, contractors and other trusted parties. Nearly a third of respondents said such incidents cost more or inflict more damage than outside attacks.
- Gartner released its inaugural Magic Quadrant for Security Awareness Computer-Based Training Vendors in Q4 2014, a report that reviewed the largest security awareness training vendors, plus many up-and-comers. The vendors in the Gartner report account for around $650 million in annual revenue.
- In response to growing demand for security awareness and other education, training, and certification,Cybersecurity Ventures has launched a Directory of Top Cybersecurity Education and Training Providers.
- Market growth is driving many new local, national and global entrants with a variety of programs and approaches to security awareness training. Digital Defense, Inc. (DDI) is helping companies protect vital business data with SecurED, an engaging training program that delivers expert information – with a dash of humor to make it fun and memorable – dramatically strengthening employee awareness and building a culture of security.
The Managed Security Services Provider (MSSP) market is continuing to grow as companies look to outsource Cybersecurity.
- Infonetics Research says the managed security market will exceed $9 billion by 2017, in its “Cloud and CPE Managed Security Services” report.
- Frost & Sullivan researchers predict the EMEA MSSP market will reach $5 billion by 2018. “Threat intelligence, research, detection and remediation services are likely to grow at a rate twice that of security asset monitoring and management, becoming a critical focus area that will distinguish market leaders from the rest,” stated Network Security Industry Principal, Frank Dickson.
- “North American Managed Security Services will reach $3.25 billion in market revenue by 2018. Security asset management and monitoring will continue to be the largest market segment. Nonetheless, market growth will be driven by the emerging threat intelligence, research, detection, and remediation services segment – the nexus for industry innovation,” according to Frost & Sullivan Network Security Research Director Frank Dickson (Apr. 2015).
- Market intelligence from ABI Research finds that the global managed security services market will be worth $15.4 billion by the end of 2015, and will reach $32.9 Billion in 2020. (ABI Research’s market sizing in this market category is substantially larger than Infonetics’s or Frost & Sullivan’s market sizing – which appear to have similar projections)
- By 2018, Gartner projects that more than half of organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures. They say that in 2015, roughly 10 percent of overall IT security enterprise product capabilities will be delivered in the cloud, as cloud-based services or cloud-managed products. For small or midsize businesses, Gartner projects that 30 percent of security controls will be cloud-based in 2015.
U.S. FEDERAL SECTOR
Federal sector provides new opportunities for small businesses and cybersecurity providers.
- Demand for vendor-furnished information security products and services by the U.S. federal government will increase from $7.8 billion in FY 2014 to $10.0 billion in 2019 at a compound annual growth rate (CAGR) of 5.2%, according to Deltek’s Federal Information Security Market Report (published Oct. 2014) – which examines the trends and drivers shaping the federal information security marketplace and provides a forecast for the next five years.
- President Obama’s budget proposal for the 2016 fiscal year includes a projected 10 percent increase in cybersecurity spend, reports Reuters (News - Alert). The total for 2016, if approved by congress, will be $14 billion that will be spent across US government to better protect private and federal networks from cyberthreats.
- Vice President Biden, Secretary of Energy Ernest Moniz, and White House Science Advisor John Holdren recently travelled to Norfolk State University in Norfolk VA to announce that the Department of Energy is providing a $25 million grant over the next five years to support cybersecurity education. The new grant will support the creation of a new cybersecurity consortium consisting of 13 Historically Black Colleges and Universities (HBCUs), two national labs, and a k-12 school district. (source: whitehouse.gov)
- The government is increasing its investments in advanced cyber security technologies. Special attention is being given to securing the Internet of Things through federally-sponsored research in cyber-physical systems. Small businesses can use these R&D contractual vehicles to get involved in the government cyber security market.
- The federal government has set aside special funds for small businesses to develop innovative solutions in cyber security. The government also requires large defense contractors to subcontract a certain percentage of their cyber security solutions development to small businesses. So, a small business has multiple avenues for engaging in the federal cybersecurity market, either through direct contract with the government or by helping a large business meet its small business subcontractor quota.
- “To provide wider, discounted access to cybersecurity resources the General Services Administration (GSA) and the Department of Homeland Security (DHS) are strategically sourcing cybersecurity tools and solutions through the Continuous Diagnostics and Mitigation (CDM) and Continuous Monitoring as a Service (CMaaS) Blanket Purchase Agreements (BPAs) (see gsa.gov/cdm)” says Dr. Anita D’Amico, CEO at Code Dx, developer of a software vulnerability assessment tool and listed at #15 on the Cybersecurity 500. Code Dx has been awarded multiple SBIR grants from the DHS, totaling millions of dollars.
- MindPoint Group is a highly focused IT security professional services firm with extensive experience in the federal sector. They are a model for smaller firms seeking to gain respectable market share in the federal cybersecurity sector. They are featured on the Inc. 5000 top 20 Security Companies list, received recognition by their industry and clients such as the NASA Honor Award for innovative cloud security work and have been listed on the Cybersecurity 500 list (at #224), two quarters in a row. Operating out of two offices in the DC metro area, MindPoint Group is a SBA Certified 8(a), Woman-Owned (WOSB), Economically Disadvantaged Woman-Owned (EDWOSB), and Small Disadvantaged Business (SDB). Through the use of a diversified strategy that leverages a multitude of acquisition vehicles such as the CDM/CMaaS BPA, the company supports numerous government clients including many of the largest US federal agencies. MindPoint Group’s services include managed security services, cloud security, FedRAMP compliance, and IT GRC (governance, risk and compliance).
The U.S. Department of Homeland Security (DHS) budget is $32.8 billion for 2015.
- Provides $38.2 billion in non-disaster, net discretionary budget authority for DHS to protect the Nation from terrorist attacks, address critical capital needs, and carry out core homeland security functions such as transportation security, cybersecurity, disaster preparedness, and border security. (source: whitehouse.gov)
- Budget includes $549 million for supporting the EINSTEIN intrusion detection and prevention system and continuous diagnostics and mitigation, key Administration cybersecurity initiatives to address threats and vulnerabilities against Federal computer systems and networks. These initiatives are conducted through the National Protection and Programs Directorate (NPPD), which protects Federal computer systems and networks from cyber attack, disruptions, and exploitations, strengthens State and local governments’ cybersecurity capacity, and supports private sector efforts to protect critical infrastructures. (source: whitehouse.gov)
- The Budget also supports the design of a Federal Cyber Campus to co-locate key civilian cybersecurity agencies to promote a whole of government approach to cybersecurity incident response. (source: whitehouse.gov)
The U.S. National Intelligence Program budget is $45.6 Billion for 2015.
- Provides $45.6 billion in base discretionary funding for the National Intelligence Program to support national security goals and reflect a deliberative process to focus funding on the most critical capabilities. (source: whitehouse.gov)
- Budget includes adapting to evolving cyberspace capabilities to help protect Federal networks, critical infrastructure, and America’s economy, while improving the security of intelligence networks against intrusion and counterintelligence threats; and Enhancing information sharing through expanded use of the IT cloud to facilitate greater efficiency and improved data security across the intelligence information environment. (source: whitehouse.gov)
Asia-Pacific spending on critical infrastructure security is set to hit $22 billion (USD) by 2020
- ABI Research says active campaigns in cyberespionage and cyberwarfare plague nation states and private sector organizations in the Asia-Pacific region. Digitally advanced industries and emerging knowledge economies are lucrative targets for hostile cyber threat actors, fueled by political ideals or financial gain.
- Spending on critical infrastructure security is set to hit $22 billion (USD) by 2020 in the Asia-Pac region, according to ABI Research’s Cybersecurity Strategies for Critical Infrastructure Market Research.
- “The market for cybersecurity services is highly varied. Domestic vendors will feature highly in Northeast Asian markets such as Japan, South Korea, and China. However, there is significant opportunity for foreign security vendors to penetrate in Southeast Asian markets, notably Australia, New Zealand, Malaysia, Indonesia, Thailand, and India,” says Michela Menting, Practice Director for the Digital Security at ABI Research.
- i-Sprint, with headquarters in Singapore and offices in Malaysia, Thailand, China, Hong Kong, Taiwan, and Japan, is a leading Asia-Pac cybersecurity company serving the local regions. i-Sprint, #75 on the Cybersecurity 500, also has offices in the U.S. and is a premier identity, credential and access management solutions provider for global financial institutions and high security sensitive environments. As the Asia-Pac region’s cybersecurity market continues expanding, we expect that U.S. and Asia-Pac cybersecurity companies will pay more attention to each other – leading to channel and OEM partnerships, technology alliances, and distribution relationships. i-Sprint is one Asia-Pac company who is speaking very clearly to U.S. customers and potential partners. It remains to be seen how receptive U.S. corporations are to providers with headquarters or even satellite offices in certain non-U.S. nations.
Big banks and financial services firms ramp up cybersecurity spending in response to cyber-attacks.
- According to the Banking & Financial Services Cybersecurity: U.S. Market 2015-2020 report, published byHomeland Security Research Corp. (HSRC), the 2015 U.S. financial services cybersecurity market will reach $9.5 billion, making it the largest non-government cybersecurity market. In addition, the report concludes that this market will be the fastest growing non-government cybersecurity market, exceeding $77 billion in cumulative 2015-2020 revenues.
- JPMorgan Chase & Co will likely double its $250 million annual security budget within five years stated CEO Jamie Dimon in late 2014. JPMorgan disclosed that an attack by hackers exposed contact information of 76 million households and seven million small businesses. “It’s about firewall protection, it’s about internal protection, it’s about vendor protection, it’s about everything that hooks up into you,” stated Dimon. “There will be a lot of battles. Unfortunately some will be lost.”
- Consulting firm PwC (PricewaterhouseCoopers) stated that financial services companies will increase their cybersecurity spending by $2 billion over the next two years. PwC surveyed 758 banks, insurers, and other financial services companies, and stated they collectively spent $4.1 billion on cybersecurity in 2014.
- According to an article in the Wall Street Journal from late 2014, Citigroup Inc.’s annual cybersecurity budget has risen to more than $300 million, and Wells Fargo spends roughly $250 million annually on cybersecurity.
- Easy Solutions, Inc. illustrates the market opportunity for vendors focused on this burgeoning sector. The company has posted a nearly 1,500 percent growth rate during the past three years. They’ve been on the Inc 500 List of Fastest-Growing Companies, was a Red Herring Top 100 North America Tech Start-Up, and is currently listed as #5 overall on the Cybersecurity 500 list of the hottest and most innovative cyberscurity companies in the world. “Total fraud protection has become of critical importance given such well-publicized and damaging attacks against some of the worlds most recognized and trusted brands” says Ricardo Villadiego, CEO of Easy Solutions. “Our unique and comprehensive multi-layered approach to stopping fraud across all devices and channels is helping financial institutions and enterprises fight today’s most sophisticated threats”.
Healthcare cybersecurity is lagging behind other sectors.
- ABI Research says hospitals, clinics, trusts, and insurers are constantly under attack from malicious online agents. And yet the industry spends very little on cybersecurity, comparatively to other regulated critical industries. ABI Research calculates cybersecurity spending for healthcare protection will only reach $10 billion globally by 2020, just under 10% of total spend on critical infrastructure security.
- The value of personal health information, made more easily available with the convergence to electronic health records, is ten times that of financial data such as credit card numbers. Medical identity theft and fraud are also on the rise, and healthcare providers are struggling to cope instances of data breaches leaking millions of personal records. These findings are part of ABI Research’s Cybersecurity Strategies for Critical Infrastructure Market Research.
- “Cybersecurity for healthcare is still a small, fragmented market but the potential opportunities for expansion are large and will continue to grow as healthcare organizations increasingly come under cyberfire,” says Michela Menting, ABI Research Digital Security Practice Director.
THE CYBERSECURITY 500
Cybersecurity Ventures announces its Q2 2015 List of the world’s hottest and most innovative cybersecurity companies.
- The Cybersecurity 500 list of companies is at www.Cybersecurity500.com. 22% of the Cybersecurity 500 listed companies (110 companies) had international (non-U.S.) headquarters, a substantial increase over the Q1 2015 list. Countries outside the U.S. with companies listed are: United Kingdom (20 companies); Israel (16); Canada (13); Germany (12); France (5); Ireland, The Netherlands, Denmark (4 each); Finland, China, Australia, Brazil (3 each); Italy, Greece, Spain, Switzerland, Sweden, Romania, South Korea; Argentina (2 each); and Russia, Slovakia, Japan, Hong Kong, India, South Africa, Czech Republic, Singapore, Portugal (1 each).
- Coming in at #1 on the list is Editors’ Choice, FireEye, Inc. (NASDAQ:FEYE), the highflying Milpitas CA based cybersecurity and malware protection company. “Cyber defense has never been more critical than it is today, and the Cybersecurity 500 recognizes the “companies to watch” on the front lines of this battle” says David DeWalt, CEO and Chairman of the Board of FireEye. “FireEye is committed to changing the way the world combats today’s advanced cyber attacks, and the Cybersecurity 500 spotlights the evolution taking place by raising awareness of the most innovative companies in the security industry” adds DeWalt.
- AVG Technologies N.V. (NYSE:AVG), with global headquarters in Amsterdam, The Netherlands, is the top listed international company and #6 overall, who recently announced they have surpassed two-hundred million active users of their software. “The cybersecurity landscape is constantly changing and AVG recognizes the importance of being represented in an authoritative and credible resource like the Cybersecurity 500″ says Stephanie Kane, Senior PR Director at AVG.
- IBM Corp. (NYSE:IBM) ascended to #8 on the list, after integrating a number of acquisitions in to their now called IBM Security business, and a clarified message to the market. “IBM is ushering in an intelligence-driven era of security with our clients” says Brendan Hannigan, General Manager at IBM Security. “We are outpacing the competition because we help clients safeguard the full spectrum of a risk framework – people, data, applications and infrastructure – by deploying the industry’s broadest portfolio of security consulting, services, and software” adds Hannigan.
Cool cybersecurity companies to watch in the top 100.
- The Cybersecurity 500 listing ranks companies based on feedback from CISOs, execution ability and market buzz. A red-hot company at #9 on the list is Veracode, headquartered in Burlington MA, who provides a market leading cloud platform for web and mobile application security scanning.
- New York City based Bayshore Networks (#43 on the list) is a leader in the fast-growing Industrial Internet of Things (IIoT) security market. Bayshore’s customers include Fortune 100 industrial and enterprise leaders. They use the Bayshore solution for Industrial IoT security; Operational and safety policy execution; Layer 7 filtering, and high-value Intellectual Property protection.
- Cybersecurity Legend John McAfee is back in the saddle at Future Tense Central (#70), based in Opelika, Alabama. Founder of his namesake McAfee Associates in 1987, and an antivirus pioneer, McAfee founded Future Tense in 2013 in an effort to aid consumers in regaining control over their information and privacy. The personal privacy market is still in the early stages of developing, and Future Tense already has 150,000 users of its Chadder secure instant messaging app for mobile phones.
- Baton Rouge LA based TraceSecurity (#73), pioneer in cloud-based IT governance, risk and compliance (GRC) solutions, delivers a SaaS platform, TraceCSO, that allows organizations to manage all eight of the major IT security activities needed to defend against today’s cyber-attacks. “The market currently faces a huge cybersecurity skills shortage and TraceCSO is the answer,” says Peter Stewart, TraceSecurity CEO and president. “Together, TraceCSO’s built-in information security expertise, best practice workflow, end-to-end integration and global database of compliance requirements allows organizations to implement and manage their information security program without requiring additional IT resources or in-house security expertise.”
More professional services firms show up on the Cybersecurity 500.
- “Unprepared organizations, when notified of a breach by external entities such as the FBI, are increasingly employing professional security service providers to address security emergencies,” according to Frost & Sullivan Network Security Research Director Frank Dickson (Apr. 2015). “Evasive malware and security skills shortages are driving demand for professional security services. Professional Security Services in North America will reach $1.9 billion in market revenue by 2018.”
- “Cybersecurity Ventures expects pure-play cybersecurity firms to outshine generalized IT VARs and systems integrators (who are developing security competencies) when it comes to CISOs who are selecting partners to help protect their enterprises” says Steve Morgan, Editor-In-Chief of the Cybersecurity Market Report. “CISOs are seeking peers and subject matter experts with deep experience to advise them on coping with today’s sophisticated cyber threats and attackers, and to help select the right cybersecurity technologies and solutions” adds Morgan.
- “The cyber threat requires a human vs. human approach, allowing superiorly equipped and trained defenders to focus on pro-active defense and adversary pursuit,” said Eric Hipkins, CEO of root9B (#216 on the list), a fast-growing cybersecurity consultancy and operational support firm headquartered in Colorado Springs CO, with offices in San Antonio TX and New York City. “The Cybersecurity 500 recognizes root9B’s combination of innovative capabilities, unmatched operational experience, actionable threat intelligence, and tailored training solutions as the necessary paradigm shift in cybersecurity”. root9b has extensive experience in commercial verticals including financial services, retail, energy, and others, plus federal agencies based on their founder’s military and law enforcement backgrounds.
- Some of the bigger names in cybersecurity professional services include #8 IBM Security, UK based BT at #10, top defense contractor Lockheed Martin at #18, AT&T Network Security listed at #33, and federal providerRaytheon (News - Alert) in the #170 position.
- Hot regionally located companies on the list include #21 IT Security, Inc. (Pittsburgh PA), #58 Accuvant (Denver CO), #101 LIFARS (New York City NY), #166 TrustedSec (Strongville OH), #167 GuidePoint Security (Reston VA), #234 Herjavec Group (Toronto, Canada), and #316 GreyCastle Security (Troy NY).
Top cybersecurity firms from Europe join the list.
- Following the disclosure of Heartbleed in April 2014, a vulnerability that gained global attention, and its strongest year of financial performance to date, Finland based Codenomicon was listed as the #5 security company in Europe and among the top 25 globally on the Cybersecurity 500. “We’re honored to be recognized as a leader in the cybersecurity space,” says David Chartier, CEO of Codenomicon. “The discovery of Heartbleed drew a lot of media attention for Codenomicon over the past year, but our tools have been used to detect and address critical vulnerabilities for over a decade. As people become more aware of the evolving cyber threat landscape, the demand for proactive security solutions will continue to rise—and Codenomicon is poised to help businesses across a wide range of industries as well as government organizations address these needs.”
- ESNC is a leading provider of SAP security solutions. The Munch, Germany company, listed at #89 on theCybersecurity 500, has experienced rapid growth over the past three years as demand for protecting mission critical ERP and business applications from SAP has risen. Being an inch wide and a mile deep around SAP security had made ESNC a go-to company for enterprise SAP customers globally.
- SpamTitan Technologies, headquartered in Galway, Ireland, and #123 on the Cybersecurity 500 provides award winning email security appliances to satisfied customers in over 100 countries across all verticals from SMBs, schools, universities and colleges to ISPs and government organizations. “In SpamTitan, our staff are assisting our customers on a daily basis in dealing with the constant threat of cyber attack, and this is now as important for the smaller businesses as it is for the fortune 500 company” says Ronan Kavanaugh, CEO at SpamTitan. “We are delighted to be working with the Cybersecurity 500 in highlighting the need for vigilance and raising awareness for all businesses.”
- Well known companies listed in the top part of the Cybersecurity 500 with corporate headquarters in Europe include #6 AVG (Amsterdam, The Netherlands), #10 BT (London, UK), #22 F-Secure (Helsinki, Finland), #27Gemalto (Meudon Cedex, France), and #106 Sophos (Abingdon, UK).
Moka5 closes it’s doors, Boeing’s Narus cybersecurity brand is dissolved
- The Virtualization Review (VR) reports that enterprise mobility and cybersecurity software vendor Moka5 has apparently closed it’s doors. It is possible the company still exists and is seeking a buyer. Moka5, previously number 2 on the Cybersecurity 500, had raised between $50 million and $100 million in venture funding (varying reports on Moka5’s funding make it difficult to discern exactly how much they raised). The company was founded in 2008 by four Stanford University computer scientists.
- The Wall Street Journal reported in early 2015 that Boeing was exiting the commercial cybersecurity business, and that Symantec was acquiring staff and technology licenses from Boeing’s Narus unit. Other media depicted the transaction as an “acquisition”. Our research indicates that Symantec only hired some of the Narus staff. It appears that Boeing also retained ownership of the Narus intellectual property (software) and customer base. “To be clear, Boeing has most definitely NOT exited the cybersecurity business” says Andrew Lee, Senior Manager and Division Communications Lead, Electronic & Information Solutions at Boeing. “We continue to support a variety of defense, government and security customers with cybersecurity and data analytics products and services. It is correct that with the divesture of Narus, we are not focusing on commercial cybersecurity for the time being.”
Cybersecurity funding in 2014 broke the $2 billion barrier for the first time.
- According to New York City based CB Insights, in the last 5 years, $7.3 billion has been invested into 1,208 private cybersecurity startups. Since 2010, deals and dollars increased steadily growing by more than 100% in both areas during this time period. Funding in 2014 broke the $2B barrier for the first time while deals continued their steady ascent growing to 269 deals.
- Among VC investors, Intel Capital is the most active investor in cybersecurity startups having invested in more than 20 companies since 2010, according to CB Insights. Intel Capital and Google Ventures were the only corporate investors that made the list of most active cybersecurity investors.
- Tom LaSorda, former CEO of Chrysler Corp. and Fisker Automotive Inc., said his venture capital fund IncWellhas invested in a global automotive cybersecurity supplier called TowerSec. TowerSec was founded in 2012 by a team of Israeli cybersecurity experts and Detroit-based automotive experts. “We’ve been looking for a solution to the growing cybersecurity threat in vehicles,” LaSorda, 60, said in a recent statement. “The threat is growing rapidly as vehicles are becoming increasingly more connected whether to devices and the Internet of Things or to other connected vehicles. It further intensifies with the continuing development of self-driving or autonomous vehicles. This connectivity puts both lives and personal data at risk.”
- “We expect to see cybersecurity VC activity rapidly expand from the cloud, IT and consumer security markets to Internet of Things (IoT) security over the next 2 years” says Steve Morgan, Editor-In-Chief of the Cybersecurity Market Report. “The automotive industry will be one of many IoT markets where we will see VC money flowing” adds Morgan.
MERGERS & ACQUISITIONS
Recent Cybersecurity M&A Activity
- Singtel acquires managed security services provider Trustwave (Chicago, IL) for $810 million. Singtel, the largest telecommunications provider in Southeast Asia with over 500 million mobile customers is expected to close on the deal within 3 to 6 months.
- Lookingglass (Arlington, VA), a cyber threat intelligence monitoring and management provider, has announced an all-cash acquisition of CloudShield, a deep packet processing (DPP) company for an undisclosed amount.
- Cloud security provider CloudLink (Ottawa, Canada) announces they have been acquired by EMC.
- CSC acquires Autonomic Resources (Cary, NC), a cloud computing infrastructure provider. Autonomic was the first cloud service provider to achieve compliance under FedRAMP and the first to achieve compliance with security controls outlined by DISA.
- Defense contractor Raytheon (Waltham, MA) is investing $1.57 billion to create a new cybersecurity company with private-equity firm Vista Equity Partners LLC. The new firm will combine Raytheon Co.’s cyber products unit with Websense Inc. (San Diego, CA), which Raytheon agreed to acquire from Vista.
- Bain Capital acquires Blue Coat Systems (Sunnyvale, CA) from Thomas Bravo for $2.4 billion. (Thoma Bravo acquired Blue Coat Systems for $1.26 billion in 2012). Blue Coat provides online security and WAN optimization solutions.
- The Kenjya Group (Columbia, MD) and Trusant Technologies (Columbia, MD) announces plans to merge. The combined company, The Kenjya-Trusant Group, will provide cyber protection, information technology, engineering, construction management and acquisition-support services to the IC, DoD and DHS.
- GTT Communications (McLean, VA), a provider of cloud networking services, announces plans to acquire the managed services business of MegaPath for $152.3 million. The division provides private networking, access services and managed security services to more than 500 large clients.
- Akamai Technologies acquires Xerocole (Boulder, CO), a DNS platform provider.
- Vistronix acquires Agency Consulting Group (Columbia, MD), Objective Solutions (OSI) (Columbia, MD) andExaTech Solutions (Herndon, VA). Objective provides big data, cyber, collection and advanced analytics solutions to the IC. OSI deal expands Vistronix’s subject matter expertise in data analytics, wireless security, communications protocol analysis, real-time secure messaging.
- PAE acquires the Global Security and Solutions (GS&S) business unit of USIS. With approximately 1,900 employees, GS&S provides services in litigation support, biometric capture and enrollment, training, construction surveillance and security consulting. Acquisition enhances PAE’s existing support to the DHS and other customers in the classified market, along with multiple long-term contracts focused on identity management, infrastructure protection, information management and mission support.
- Ross Technologies (RTGX) acquires The Tipstone Group (Fairfax, VA), a provider of cyber research and program and portfolio management capabilities for the US DoD and IC.
- Cisco acquires Neohapsis (Chicago, IL), a provider of application security, cloud security, compliance, IT risk and security strategy, mobile device security, and network and endpoint security services. Deal enhances Cisco’s Advanced Malware Protection portfolio of security solutions and helps it improve its network security services, both on-premise and in the cloud.
- Microsoft acquires Aorato Ltd. (Israel), a cybersecurity startup that developed a directory services application firewall. Aorato raised $10 million in VC from Accel Partners, Innovation Endeavors, Glilot Capital Partners and Mickey Boodaei.
- ZeroFOX (Baltimore, MD), acquires Vulnr, a stealth-mode security technology company. Vulnr’s technology will be integrated into ZeroFOX Enterprise, cyber security’s social risk management platform, to bolster the company’s product offerings.
Recent Cybersecurity Investment & IPO Activity
- Cybersecurity startup Illumio (Sunnyvale CA) raises $100 million in series C financing round. Illumio provides a cloud and data center security platform.
- Mobile security company Skycure (Tel Aviv-Israel) raised $8 million to fund new research and development. Shasta Ventures, Pitango Venture Capital, and Michael Weider contributed to the round. Skycure has raised a total of $11 million to date.
- Lookingglass (Arlington, VA), a cyber threat intelligence monitoring and management provider, has closed a $20 million Series B round led by New York-based Neuberger Berman Private Equity Funds.
- Sqrrl (Cambridge, MA), a provider of big data analytics for identifying and responding to cyber threats, raises $7 million in Series B, led by Rally Ventures, joined by Atlas Venture and Matrix Partners. The company also unveiled new software aimed at detecting and responding to cybersecurity threats. Total funding to date is now $14.2 million.
- Team8 (Israel), a cybersecurity startup foundry and think tank, raises $18 million in Series A. Backers include Alcatel-Lucent, Bessemer Venture Partners, Cisco Investments and Innovation Endeavors.
- Pindrop Security (Atlanta, GA), a provider of phone fraud prevention and call center authentication, raises $35 million in Series B funding.
- Dtex Systems (San Jose, CA), a provider of insider threat protection solutions, raises $15 million in Series A, led by Norwest Venture Partners and Wing Ventures.
- Darktrace, a British cyber-security firm backed by former Autonomy boss Mike Lynch, has raised $18 million. Investors Talis Capital and Hoxton Ventures joined Lynch’s Invoke Capital in the funding round.
- SecureKey Technologies (Toronto, Canada), a provider of identity and authentication solutions, secures $19 million in Series C, led by Blue Sky Capital and Rogers Venture Partners LLC.
- Zimperium (San Francisco, CA), a provider of mobile threat defense solutions, raises $12 million in Series B, led by Telstra Ventures, in addition to TOYO Corp., Sierra Ventures, Lazarus Israel Opportunities Fund and Samsung.
- Emailage (Chandler, AZ), a provider of fraud prevention solutions, secures $3.8 million in funding, led by Felicis Ventures, in addition to Double M Partners and Mucker Capital.
- PayPal acquires CyActive, an Israeli cybersecurity company for $60 million.
- Datashield (Park City, Utah), a provider of cyber-security solutions, secures $4 million mezzanine loan and equity commitment from Huntington Capital.
- Hortonworks (Santa Clara, CA), an open-source platform for storing and analyzing big data, raises $100 million in their IPO with an initial market cap of $666 million.
- Evident.io (Dublin, CA), a provider of continuous cloud security technology for AWS, raises $9.85 million in Series A, led by Bain Capital Ventures. True Ventures also participated. The company had previously raised $1.5 million in seed funding from True Ventures.
- V-Key Inc. (Singapore), a provider of mobile security and cryptographic technology, raises $12 million in Series B from Ant Financial and return backer IPV Capital.
- Endgame (Arlington, VA), a developer of security intelligence and analytics tools, raises $30 million in 3rd round. Round was co-led by new investors Edgemore Capital and Top Tier Capital Partners. Previous backers Bessemer Venture Partners, Paladin Capital Group, Columbia Capital and Kleiner Perkins Caufield & Byers also participated in addition to Savano Capital Partners.
- CipherCloud (San Jose, CA), a provider of cloud visibility and data protection solutions, raises $50 million in Series B, led by Transamerica Ventures, along with Delta Partners, Andreessen Horowitz and T-Venture.
- Clef (Oakland, CA), which provides a two-factor authentication solution that uses Apple’s fingerprint reader rather than passwords, raises $1.6 million in seed funding from Morado Ventures and individual angel investors.
- Cyber Squared (Arlington, VA), a developer of a cyber threat intelligence platform, raises $4 million in its first round of funding and renames their company ThreatConnect. Round was led by GroTech Ventures. Funds will be used to accelerate product development and expand sales and marketing globally.
- NowSecure (Oak Park, IL), a mobile device data security and management, raises $12.5 million in Series A. Baird Capital led the round and was joined by Math Venture Partners and Jump Capital.
- ThreatStream (Redwood City, CA), a SaaS-based cyber security threat intelligence platform, raises $22 million in Series B led by General Catalyst Partners. Other investors include Institutional Venture Partners, Google Ventures and Paladin Capital Group.
- NexDefense (Atlanta, GA), a cybersecurity firm, raises $2.4 million. Round was led by Mosley Ventures and Buckhead Investment Partners.
- DB Networks (Carlsbad, CA), a provider of cyber-security that leverages machine learning and behavioral analysis, raises $17 million in new VC funding. Round led by Grotech Ventures; joined by Khosla Ventures and Citi Ventures.
- Nok Nok Labs (Palo Alto, CA), a provider of authentication solutions, raises $8.25 million in Series C. Backers include DDS Inc., Raven Ventures, DCM Ventures, Lenovo Group Limited and ONSET Ventures.
- Area 1 Security (Menlo Park, CA), a cybersecurity startup focused on social engineering attacks, raises $8 million in Series A, led by Kleiner Perkins Caufield & Byers. Company has now raised $10.5 million. Other backers include Allegis Capital, Cowboy Ventures, Data Collective, First Round Capital, RedSeal Networks CEO and former Venrock Partner Ray Rothrock, and Shape Security CEO Derek Smith.
- EdgeWave (San Diego, CA), a provider of military-grade cyber-security solutions, raises $2 million in additional Series A from TVC Capital, Northgate and Bill Baumel and RWI Ventures’ partners. Total 2014 capital raised is $8 million.
- Vkansee Technology (Beijing), a provider of fingerprint sensors for mobile security, raises $7 million in VC from the Aviation Industry Corp. of China.
- iSIGHT Partners (Dallas, TX), a provider of cyber threat intelligence solutions, secures $30 million in Series C funding from Bessemer Venture Partners. The company will use the proceeds to bolster its intelligence services, enhance its core ThreatScape products, develop new partnerships and expand its sales and marketing activities.
- Ionic Security (Atlanta, GA), a provider of a distributed data protection platform for the enterprise, raises $40.1 million in Series C, led by Meritech Capital Partners; other backers include Kleiner Perkins Caufield & Byers and return backers Google Ventures, Tech Operators and Jafco Ventures.
- Phantom Cyber, a cybersecurity startup with an ambitious idea to automate cybersecurity, announced a $2.7M seed round with backing from some of the biggest names in computer security. Investors include John W. Thompson, former CEO of Symantec, Thomas E. Noonan, former CEO of Internet Security Systems (ISS) and John C. Becker, former CEO of Sourcefire, and Zach Nelson, CEO of NetSuite Inc. (previously a senior executive with McAfee, now part of Intel).
- CloudLock (Waltham, MA), a cloud based data security company, raises $6.7 million in 4th round of funding. Company has previously raised $28 million from Bessemer Venture Partners, Cedar Fund and Ascent Venture Partners.
- Cloud application security company Veracode (Burlington, MA) is planning to go public in May, according to Fortune. Veracode has raised over $110 million in venture capital funding. Its most recent round was a $40 million Series F infusion last September led by Wellington Management.
- According to Reuters, leading SIEM vendor LogRhythm (Boulder, CO), whose investors include Access Venture Partners, Adam Street Partners, Grotech Ventures and Riverwood Capital, has chosen JPMorgan Chase and Morgan Stanley for an IPO in the second half of the year.
- Rapid7 (Boston, MA), a provider of security analytics software and services, closes $30 million in funding from Bain Capital and Technology Crossover Ventures. Rapid7, whose investors include Bain Capital Ventures and Technology Crossover Ventures, has chosen Morgan Stanley and Barclays to assist with an initial public offering, according to Reuters.
- Email security vendor Mimecast (Boston MA), whose investors include Insight Venture Partners, Dawn Capital and Index Ventures, has spoken to some investment banks about an IPO later this year but has not hired any firms, according to Reuters.
Stay tuned for the Cybersecurity Market Report, Q3 2015 edition, coming in early July.
The Cybersecurity Market Report is published quarterly by Cybersecurity Ventures. We cover the business of cybersecurity, including market sizing and industry forecasts from consolidated research by IT analyst firms, emerging trends, employment, the federal sector, hot companies on the Cybersecurity 500 list, notable M&A, investment and IPO activity, and more.
Edited by Stefania Viscusi