Analysts accused of underestimating IT security growth
Eight to 10 per cent growth forecast by several market watchers does not account for growing scope of cybersecurity market, according to Cybersecurity Ventures
IT analysts are chronically underestimating the growth in the cybersecurity market, according to research firm Cybersecurity Ventures.
In its Q3 market report, Cybersecurity Ventures claims that IT analysts are "unable to keep pace" with the "dramatic rise" in security issues, including malware and ransomware, which are driving up spending.
Cybersecurity Ventures is a research and market intelligence agency founded in 1999, focusing predominately on emerging security vendors.
The firm publishes a quarterly Cybersecurity 500 table, ranking the most innovative vendors in the industry.
The Q3 edition ranked Surrey-based BAE Systems as the top UK cybersecurity outfit, with a global ranking of eighth.
Steve Morgan, CEO at Cybersecurity Ventures, claimed that the global market will swell by between 12 and 15 per cent year on year by 2021, not the eight to 10 per cent projected by several market analysts.
He claims that IT analysts are "rooted in IT security" and have not yet evolved to the full cybersecurity market that now encompasses sub-markets including non-computer devices and non-IT-centric platforms.
"It is likely that analyst firms will catch up during the second half of 2016 and update the disproportionately low share of total IT spending which security is expected to account for, over the next five years, in their current reports," said Morgan.
"Many corporations are hesitant to announce breaches they've suffered - and the amounts of their increased security budgets - for fear of reputational damage and of antagonising cybercriminals.
"By 2020, we expect IT analysts covering cybersecurity will be predicting five-year spending forecasts to 2025 at well over $1tn (£770bn)."
Morgan cited moves by major banks as an indicator that spending will increase more quickly than expected.
JP Morgan Chase announced a doubling in its security budget earlier this year, from $250m to $500m, while Bank of America declared its budget unlimited.
Gavin Bradbury, senior vice president at security integrator NTT Security, told CRN that while he expects the market to grow over the next five years, there are too many variables to be sure by what percentage.
He added that the global skills shortage in the security sector will undoubtedly push up spending.
"There are not enough highly skilled security people, both analysts and consultants, so the growth rate will go up as well as the rates of consulting," he said.
"It's a very dynamic, fast-moving marketplace and the skills that are out there cannot keep pace with those needs, so for that reason we're seeing significant growth in top-end consulting value-add services."
James Miller, managing director at Foursys, told CRN that bosses at organisations are currently underestimating how much money they need to set aside for cybersecurity.
Foursys is prominent in the public sector and Miller said he expects growth in this particular sector to be "not anywhere near" the predicted overall increase.
"The challenge is that the budgets aren't doubling to accommodate that [projected spend increase] - they're pretty static," he said.
"I expect them to go up a bit - I expect them to have more money to spend on IT security as a whole, but they're obviously under significant pressure from the deficit and the cuts."
Miller expects to see greater growth on the corporate side of things, particularly as SMBs try to cope with the growing threats from malware and ransomware.
Colorado-based cybersecurity consultancy root9B topped Cybersecurity Ventures' latest Cybersecurity 500 rankings, followed by Canadian MSSP Herjavec Group and IBM Security. The selection criteria for the list are subjective, encompassing factors such as customer base, VC funding, growth and feedback from CISOs and VARs.