There is a wide difference in opinion between research and strategy firms in relation to the size and growth of the cyber security market. It is not surprising. The industry is complex, changing quickly and definitions are far from standardised.
In terms of complexity the industry is characterised by start-ups, small to medium sized enterprises and international, multi-disciplinary advisory firms. They offer a mix of threat and risk assessment services, software, managed services and disaster recovery together with other digital services. Most advanced economies have their own unique ecosystem comprising indigenous companies ranging from those content to serve their own national market to private equity backed industry stars promoting their capabilities globally. Understanding the supplier ecosystem and channels to market is a complicated task.
Cyber Security is also growing and changing. The growth of digital infrastructure has led to many security challenges that includes managing thousands of endpoints, protecting networked systems (IT/OT) and securing cloud-based data. As the digital footprint continues to grow, sensors are connected to increasingly large networks, and boundaries become blurred, new suppliers will emerge to plug the security gaps.
The variety of definitions, market segmentations and lack of technology standardisation further complicate matters. Marketing departments invest heavily in thought leadership to create new market spaces for themselves, introducing new language and segmentations to help differentiate from competitors. This makes identifying who supplies what, to whom, another issue for research and strategy firms.
Although these issues present a sizeable challenge, they should not prevent research and strategy firms from producing reliable and consistent intelligence and insight. However, this does not appear to be the case. The chart below reports the global cyber security market size according to 14 different firms. In 2019, the most conservative firm calculated a market size of $101bn whilst at the higher end several firms estimated $168bn. The gap doesn’t close over the forecast period with most firms calculating a compound annual growth rate of around 10-12%.
Government and industry often use several sources to help smooth the differences in market opinion and WA suggests that this is prudent for such a large and opaque market. However, depending on the firms selected, there may be little difference in opinion as the analysis shows that some organisations report very similar numbers. These organisations either have very similar approaches or they are overly influencing each other’s valuation of the market opportunity.
There is an argument that the wide-ranging forecasts can be explained due to different definitions and segmentations. However, this is only likely to account for a small percentage of the difference between firms as WA analysis clustered similar work together. It is more likely that different research methodologies, some more robust than others, are responsible for the different estimates.
WA has been asked by some industry leaders why getting such an accurate picture of the market size is important. The theory goes that whether the cyber security market is $100bn or $170bn, it’s a big number and there is money to be made. We don’t agree. Whilst the market is large and growing, the market is not big enough to sustain so many companies providing similar services. There are over 1,500 cyber security organisations delivering cyber products and services into Europe alone. Once the market is broken down into its various regions, products & services, industry segments and channels, the total addressable market for a single product or service company may well be small and highly competitive. Understanding the size of the available opportunity will allow investors, governments and business leaders to make better decisions and reduce risk.
The chart below is produced from an analysis by WA of security company profitability. The most mature market, manned security services, has a very low variation in company operating income as a percentage of sales from the industry average. These are well run organisations benefiting from economies of scale but are under constant pricing pressure and carry high personnel costs resulting in lower average margins. Cyber security exhibits a far greater variation around the average due to its relative market infancy. The average operating income is 1% of sales with several organisations very profitable whilst others are currently making significant losses due to high investment in product development and marketing. Some organisations will succeed, others will fail whilst some will be acquired as the industry begins to consolidate. Those making investment decisions should be well informed about the scale of their respective opportunities, the direction of the market and the threats the business faces.
Security Industry Profitability in 2018
Westlands Advisory is working on delivering three cyber security reports from Q1 in 2020. The titles of the these reports include:
Global Cyber Security Market Analysis and Forecast,
Cyber Security Competitive Analysis
Global Customer Analysis and Cyber Security Expenditure Forecast
WA aims to provide a single source of reference for the global cyber security market through utilising a robust methodology that has been tried and tested with government and industry. WA believes in transparency and is committed to providing a project that is supported by data and clear assumptions to help build industry confidence in the analysis.
WA would like to continue this discussion with analyst relations professionals to present a view of the cyber security market, outline our methodology and deliver insights on the current and future status of the market.