Consolidation in the Cyber market
Who will benefit from the super nomal levels of forecast growth?
The global Cyber attack last Friday is the latest stark reminder of how the defence and security market is changing. Attacks do not have to be physical in order to cause harm. Cyber attacks have the potential to be fatal or economically disastrous in just the same way as conventional warfare. As President Obama said on Monday “One of the biggest challenges for the next President, and the President after that is going to be how do we continue to get all the benefits of cyberspace but protect our finances, protect our privacy”. In a world where growth is hard to come by, new forecasts see the Cyber Security market growing 12-15% year on year until 2021. But is it clear what the products of the future will look like? And can we discern which protagonists will win market share?
Last week’s internet outage was caused by an attack on under-protected Internet of Things (IoT) devices, for example smart televisions, digital video recorders, security cameras, baby monitors and web connected home devices such as coffee makers and fridges. The vulnerability of the rapidly growing IoT has led to the leading researcher into Cybercrime, CyberSecurity Ventures, to say that previous growth forecasts of 8-10% year on year for the Cyber market now look too low.
Putting numbers on current Cyber Security spending is incredibly challenging because businesses and governments categorise security spending in many different ways. Most put security into another budget line; whether IT, General Operations or Compliance. Traditional IT security is rooted in servers, networks, data centres and IT infrastructure. However, we now have to consider non-computer devices and non-IT centric platforms, which gives rise to whole sub-markets, for example aviation security and automotive security. CyberSecurity Ventures estimate that worldwide spending on Cyber Security products and services will total $1 trillion over the period 2017 – 2021. Other experts argue that if you encompass data collection, storage, analysis, threat intelligence, operations and dissemination then the figures involved could be much higher.
So where will all this money be going? For the past decade, niche security providers have taken market share from larger more traditional IT companies. However, there is a growing belief that the market is reaching a point of maturity that is going to see industry consolidation and the largest providers regaining traction.
The most common approach to safeguarding digital assets is defence in depth – the layering of more and more layers of protection, often from a number of different providers because small companies have developed specific protections or fixes to one-off problems. However, this strategy is difficult to maintain and relies on human judgment to assess the threats at any one time. Increasingly Management teams want consolidation of systems in order to streamline their processes.
IBM and Cisco have two of the largest Cyber businesses ($2bn and $1.75bn respectively). Both have been steadily growing and making strategic acquisitions in the space. They are competing fiercely with more pure play cyber companies and there is one school of thought that sees the biggest players taking significant market share from smaller competitors over the next five years.
However, it is important to remember that Cyber products are by their nature very short cycle and must constantly evolve. The risk to the growth at the big players is that they are unable to be agile enough to compete with the technological developments at their smaller competitors.
It is the ever-changing nature of the threat that means whilst there is now legislation in place in the US and EU mandating cyber protection for anyone that provides ‘essential services’, Governments are reluctant to legislate the level of protection required, or endorse specific providers, for fear of the legislation rapidly becoming obsolete. It is however noteworthy that in the UK, Hewlett Packard (HP) is now the seventh largest supplier to the UK MOD which indicates HP is the UK Government’s preferred provider of Cyber products.
Disclaimer - Past performance is no guarantee of future results. Inherent in any investment is the potential for loss. This material is being provided for informational purposes only and nothing herein constitutes investment, legal, accounting or tax advice, or a recommendation to buy, sell or hold a security. This document may contain materials from third parties, which are supplied by companies that are not affiliated with Edison Investment Research. Edison Investment Research has not been involved in the preparation, adoption or editing of such third-party materials and does not explicitly or implicitly endorse or approve such content. No recommendation or advice is being given as to whether any investment is suitable for a particular investor. It should not be assumed that any investments in securities, companies, sectors or markets identified and described were or will be profitable. All information is current as of the date of publication and is subject to change without notice. While based on sources believed reliable, we do not represent this material as accurate or complete. Any views or opinions expressed may not reflect those of the firm as a whole. Edison Investment Research does not engage in investment banking, market making or asset management activities of any securities. The material has not been prepared in accordance with the legal requirements designed to promote the independence or objectivity of investment research.