Information Security (Global Market)

Main Article: IT (Global Market)

Market segments

• Information Security Software (Global Market)
• Network Security Solutions (Global)

Information security (Russian market)

Main article: Information security (Russian market)

2022

The volume of the information security technology market grew by 15.8% to $71.1 billion

The cost of cybersecurity technology on a global scale is growing steadily. In 2022, costs in the corresponding segment increased by 15.8% compared to the previous year, reaching $71.1 billion. This was announced on March 23, 2023 by the analytical company Canalys.

The study takes into account indicators for six key segments of the information security technology market. These are endpoint security tools, network security tools, data security, web security and email protection, vulnerability scanning and analysis software, and identity access control systems.

Deliveries of information security products through sales channels for the year increased by 16.1% - to $64.6 billion, which is 91% of the total global market. Direct transactions between customers and vendors of security solutions accounted for the remaining 9%. By the end of 2022, network security tools became the largest category in terms of customer costs. This is followed by vulnerability detection tools and identity access control software.

The upbeat results are offset by growing budget constraints on IT that force customers to prioritize projects, while additional levels of control further lengthen sales cycles. Leading suppliers have struggled for positions in a highly fragmented market. Access control, cloud protection and security center upgrades remain the focus, Canalys said in a report.

As of the end of 2022, 12 leading cybersecurity tool suppliers controlled almost half of the global market in terms of expenses - 47.1%. The industry leader was Palo Alto Networks with a share of about 7.9%. Fortinet is in second place with 6.8%, and Cisco closes the top three with 6.1%. Next come Check Point and CrowdStrike, whose figure is 3.8% and 3.2%, respectively. On the sixth line is IBM with 3.1%, on the seventh - Okta with 3%. Then come Microsoft, Trellix and Symantec - 2.9%, 2.9% and 2.6%. Eleventh and twelfth places went to Splunk and Trend Micro, whose shares were 2.4% and 2.3%. All other suppliers combined control 52.9% of the industry.

The development of cybersecurity platforms by introducing new features available by subscription has allowed the largest suppliers to attract new customers. This gives information security companies the opportunity to strengthen their position, survive the economic downturn and benefit from the fact that customers are striving to reduce costs, "said Matthew Ball, chief analyst at Canalys.

Geographically, North America was still ahead of other regions in overall cybersecurity spending, with the region accounting for more than half of global costs - roughly 52%. In second place is the EMEA market (Europe, Middle East and Africa) with a share of approximately 30.1%. Another 13.8% of the costs were provided by customers in the Asia-Pacific region. Latin America contributed 3.5%.

In terms of product categories, by the end of 2022, software for ensuring network security brought 27.6% of all revenue. The share of tools for searching and analyzing vulnerabilities was 21.4%, identity access control systems - 19.1%. Then come endpoint security software with 14.4%, as well as web security and email security software with 14.3%. Data security accounted for 3.2%.^[1]

The global market for information security services by 2025 will reach a volume of $94 billion

According to Accenture, the global cybersecurity services market will grow by 13% per year and reach $94 billion by 2025. The company announced this on February 4, 2022. The main areas of development will be cybersecurity as a service and automation of information security operations, special attention will be paid to the protection of critical infrastructure and applications.

According to Accenture, the increase in cybersecurity spending is due to various factors, in particular a constant increase in volume. malware The methods of intruders are constantly evolving. Services hackers become more accessible and are often used as a means of competition or easy earning, leading to the formation of the Cybercrime-as-a-Service model (as a cybercrime service).

The dependence of business ecosystems on the stable operation of the digital infrastructure makes companies extremely vulnerable to information security threats. The effectiveness of attacks is growing, as cybercriminals are armed with digital technologies, including ML/AI solutions.

A symmetrical response to the use of fraudsters AI will be the development of solutions using/for MLAI the protection of networks, data endpoints, access,,, etc applications. clouds According to forecasts, the segment of information security solutions using AI by 2027 may amount to $46 billion.

Companies still have many bottlenecks in building information protection. Thus, attacks are carried out comprehensively - on ecosystems and supply chains - and they have to be resisted in an organized manner together with partners.

Large-scale digitalization of the economy requires a lightning-fast time-to-market: as a result, many applications and solutions go into production in a "raw" unsafe form.

A number of applications enter the market with a large number of vulnerabilities, and they are not always fixed quickly. Together with "holes" in infrastructure and security tools, their presence seriously increases information security risks for companies, "said Andrei Tymoshenko, head of Accenture's information security practice in Russia.

As a result, the pace of digital transformation is ahead of the development of information security. The lack of specialists also affects: there are about 3.5 million open vacancies for information security specialists in the world.

The answer to these challenges will be the development of the "Security-as-a-service" model - this model allows you to quickly solve urgent problems even in conditions of a shortage of personnel. Also, to implement comprehensive information security strategies and protect business ecosystems, joint cyber centers will be created - Cyber ​ ​ Fusion Center, uniting competencies in IT, information security, risks, compliance, economic security and various business areas at one table to quickly respond to digital risks and threats.

Analytics tools will be used more and more actively in the field of information security: this will make it possible to more effectively find bottlenecks in the IT infrastructure, faster anticipate attacks and more accurately rank risks.

Cyber ​ ​ Threat Intelligence and Threat Hunting and Anomaly Detection tools are developing. To test hypotheses, test the reliability of the infrastructure and increase the efficiency of detecting and predicting cyber attacks, various options for cyber wars of the company's IT and information security infrastructure and systems will be created.

The demand for services for the development of information security competencies will grow, including conducting cyber exercises and cyber polygons, raising awareness, developing knowledge and skills of users in the field of information security. This also applies to remote security tools: infrastructure, remote connectivity and clouds.

In the mass market, the growth of cybercrime is also facilitated by the spread fake information and penetration of remote identifications into different areas of life. There are also many problems to be solved here, in particular - the use biometric of information, this will become a separate and promising direction, - concluded Andrey Tymoshenko.

List of key security trends

The list of key security trends in 2022 was prepared by Hikvision specialists. This became known on January 19, 2022.

In 2022, the security industry will continue its development, despite social and economic factors that have had the strongest impact on the business and the market as a whole. In addition to traditional physical security, large and small businesses quickly master and implement high-tech solutions based on artificial intelligence (AI), cloud computing and the Internet of Things, special attention is paid to ensuring cyber protection of systems and data. The security sector is gradually moving to a wider range of products and services that not only provide protection, but also work to improve business efficiency, create additional value both for individual users and for companies, for society and the state.

Hikvision (hikvision.ru) specialists have prepared a list of key trends that will have a significant impact on the security industry in 2022 and in the near future.

Trend# 1. Artificial intelligence everywhere and in everything

Artificial intelligence has been used in security systems for a long time, and every year the number of both users and smart solution providers will grow rapidly. An increasing number of security market participants are aware of the value of AI applications and functions, and are finding new areas and scenarios of application.

Trend# 2. The combination of artificial intelligence and the Internet of Things

The number of security devices connected to the network is growing rapidly, which are becoming an important part of the Internet of Things (IoT) segment. Devices are receiving an increasing number of smart functions, developing AIoT directions in the market - intelligent devices connected to the network. The combination of AI and IoT takes the entire security sphere to a whole new level, expanding the available functionality and contributing to the digital transformation of industry verticals, including power, logistics, retail, education, healthcare and others.

Trend# 3. Converged Systems as a Replacement for Traditional Data Warehouses

In the field of security, the trend continues to unite individual systems - video surveillance, access control, alarm and others. Additional solutions that are not directly related to security are connected to the same infrastructure - personnel management, finance, logistics, corporate platforms. Convergence expands opportunities for collaboration, helping to make strategic decisions more efficiently and quickly based on more data and the results of their analysis.

Trend# 4. Cloud Solutions and Services

Like artificial intelligence, cloud technology is nothing new in security. It is worth highlighting the development of the direction of cloud services and the creation of additional value for security service providers - installation organizations and service companies, for which cloud applications create an additional business tool for remotely configuring user systems, solving technical problems, and updating software.

Trend# 5. High image detail in any environment as a new industry standard

The number of requests for cameras with technologies for generating full-color and detailed images in difficult security environments is growing rapidly. As a company with worldwide experience, Hikvision sees a significant increase in demand for highly sensitive 4K solutions in the market. If initially the technologies were designed only for cameras with a fixed lens, then over the past year they appeared in the lines of cameras with a variophocal lens.

Trend# 6. Biometric technologies for access control

The January 2022 segment of access control systems is still undergoing a transition period, but the trend towards biometric technologies is increasingly clearly visible. The market offers a large set of biometric identification solutions: facial recognition, fingerprint, palm, vein pattern, retina. The main advantage of biometrics is the high level of reliability and accuracy of recognition.

Trend# 7. Security systems begin to use the Zero Trust model: minimum trust, maximum checks

The more devices that connect to the network, the more relevant the issue of cybersecurity becomes. The strategic initiative of Zero Trust or "zero trust" is based on the postulate "never trust and always check" and is aimed at preventing data leaks, increasing the level of security of modern information systems. Initially, the concept was adopted in the IT industry, but now its approaches are also applied in the field of physical security as security devices become an important part of the IoT direction.

Trend# 8. Growth in demand for green production and green technologies

The world has embraced the trend for environmentally friendly materials and energy efficient technologies. There is a growing demand for devices equipped with solar panels, including security devices. Demand is driving engineers to create increasingly complex and yet greener systems that are powered by sunlight and can be applied not only in urban areas, but also in remote areas where there are infrastructure difficulties.

2021

Cybersecurity market reaches $162.9 billion

The global cybersecurity market in 2021 reached $162.9 billion. Such data were published by Astute Analytica analysts at the end of January 2022.

The cloud security segment holds the highest market share with over 30% in 2021 as cloud solutions provide accurate recovery of information and applications. Growing demand for cloud security and hybrid cloud platforms such as Amazon Web Services (AWS) and Azure, among other key platforms, presents great opportunities for the global cybersecurity market to grow. As more organizations use cloud security to support work environments both in the office and at home, it receives a significant positive response in the market.

In 2021, the North American cybersecurity market held the highest market share of about 35%, supported by key market players in the region who deliver cutting-edge solutions around the world, according to an Astute Analytica report. North America is followed by Europe and the Asia-Pacific region, which account for about 51% of the combined market share in 2021.

Major players in the cybersecurity market are Cisco, IBM, Trend Micro and Palo Alto, which account for about 41.60% of the market, with the rest owned by other local players around the world.

The size of the global cybersecurity market is expected to expand depending on various factors, such as the growing demand for data and information protection worldwide, the growing number of cybercrimes. According to one of the partners Interpol from the private sector, between January and April 2020, 907,000 spam reports, 737 incidents related to malware and ON 48,000 malicious URL addresses were found. In addition, the growing number of users Internet contributes to the growth of the cybersecurity industry around the world.

At the end of 2019, a little more than half of the world's population used the Internet, but among young people (aged 15-24 years) this share increased to more than 69%. In addition, increased use of mobile phones, improved Internet connectivity, and machine-to-machine (M2M) interaction require high data security, which in turn should also increase market demand for cybersecurity.^[2]

Cloud solutions account for 41% of the global information security market

In 2021, the global market for products and cloud services for information security amounted to $32 billion against $30 billion a year earlier. The share of the cloud services segment (SECaaS, security as a service) during this time increased from 34% to 41%, the analytical company J'son & Partners Consulting reported on January 10, 2022.

In the consumption structure of security products provided according to the traditional model, the main contribution is given by subscriptions to advanced functionality, and cyber security not hardware sales, which brings the traditional model closer to the cloud in terms of monetization principles.

At the same time, the cloud segment is growing faster than the entire global information security market, which is largely facilitated by the following factors:

• Rapid growth of cloud application users and migration of business-critical applications back-end to public and hybrid clouds
• a rapid rise in the share of encrypted traffic in the WAN, which complicates its inspection;
• adaptive cyber attacks and a large number of events generated by various cybersecurity functions, and, as a result, the need to implement deep real-time analytics on these events and develop an adequate response to attacks, which is possible only using public clouds;
• low penetration of modern cybersecurity tools as a limitation of the traditional model of providing cybersecurity functions.

As for the barriers to the cloud segment, analysts include them:

• concentration of the lion's share of corporate data "on the edge" - on corporate user devices and in corporate data centers;
• presence of a significant fleet of installed hardware and software systems, the penetration of which is especially high (close to 100%) in large enterprises and organizations;
• the high unit cost of security functions provided under the SECaaS model, which restrains their penetration into the segment of small and micro-enterprises, where this model is most in demand and has practically no competition from already installed hardware and software systems;
• smaller nomenclature of functions available in the cloud model relative to the on-premium model.

According to the researchers, the factors restraining the development of the global SECaaS market are significantly weaker than growth drivers, and basically represent the "childhood diseases" of the emerging SECaaS market.

In their work, the experts considered segments such as inter-network screens, unified threat management (UTM), URL filtering, web application protection functions, data leakage prevention, VPN gateways, Security Operation Center (SOC) technologies, etc.

It is noted that the development of a cloud model for providing cybersecurity functions leads to the fact that three main types of suppliers are formed on the global market:

• new specialized players, initially focused on the SECaaS and SD-WANaaS model: Akamai, Cloudflare, ZScaler, Mimecast, Proofpoint, Qualys, VeloCloud, Aryaka, etc.;
• traditional vendors of network and information security products that develop the cloud model both through partners and directly: Cisco, Palo Alto Networks, Fortinet, F5 Network, Check Point Software, Trend Micro, Symantec, FireEye, Barracuda and many others;
• business application vendors such as Oracle, SAP and Microsoft migrating towards SaaS and developing SECaaS as a way to provide secure managed access to business-critical applications deployed in public and hybrid cloud environments.^[3]

Market volume growth of 66% to $202 billion - Accenture

Accenture According to a September 2019 estimate, the services market is cyber security growing at a pace similar to Digital and markets. IT Accenture predicts that by 2021 the volume will of the global information security market increase by 66% and amount to $202 billion. More. here

2020

Information security spending up 6.4% to $133.78 billion - Gartner

Global spending on Integrated information security risk management (IRM) systems in 2020 reached $133.78 billion, which is 6.4% more than a year earlier. This is evidenced by the data of analysts. Gartner

According to them, the "high growth rates" of the information security market reflect the continued demand for technologies for remote work and cloud security.

Companies are still trying to meet security and regulatory requirements with public cloud services software provided as a service and [SaaS - approx.], TAdviser Says Lawrence Pingree, Managing Vice President of Research at Gartner. - If we talk about the future, then we see the first signals of the market in the direction of increasing automation and further introduction of technologies and. machine learning artificial intelligence Organizations attacks will expand and standardize threat detection and response to combat threats.

According to a Gartner survey, the top priority in new spending is: cyber security 61% of more than 2,000 Chief information officers surveyed decided to increase investment in information security.

Security services, including consulting, equipment support, implementation and outsourcing, represent the largest spending category in 2020, estimated at more than $65 billion. In second place are infrastructure protection costs, recorded at $20.5 billion.

The third largest spending item for companies in the field of cyber defense is network security equipment. A little more than $15.6 billion was spent on it in 2020. Gartner also points to $12 billion in spending on identity and access control systems.

Sales of software for protecting consumer devices in 2020 are estimated at $6.51 billion. The implementation of data protection solutions amounted to $2.98 billion, and the smallest but fastest growing category was cloud security technologies, the cost of which in 2020 amounted to $595 million.

Gartner analysts among the most promising developments in the field of cloud information security distinguish three technologies: SASE, CSPM and CASB.

Use Cloud Security Posture Management (CSPM) solutions to manage hybrid and multi-cloud environments that protect and monitor solution collaboration from multiple IaaS or PaaS vendors (including access control, compliance policies, operational monitoring, incident response, risk identification and visualization, and asset inventory and classification).

In turn, Cloud Access Security Broker (CASB) solutions are designed to protect data in cloud applications: they are placed "between" consumers and cloud service providers and serve to ensure uniform enterprise security policies when accessing cloud resources.

Secure Access Service Edge (SASE) combines cloud services, software-defined networking capabilities, and security into a single service model.

The study notes that the segment of cyber risk management technologies in 2020 showed steady growth due to the risks associated with the global crisis caused by the COVID-19 coronavirus pandemic.

Areas of significant risk that will drive demand [for IRM systems - note TAdviser] are associated with the emergence of new digital products and services and their use for health and safety, as well as third-party risks such as customer data leaks or attacks on supply channels, said Gartner senior research director John Wheeler[4]

Investments in information security startups reached $7.8 billion

Investment in cybersecurity startups reached a record high of $7.8 billion in 2020. The growth was primarily caused by US activity - investments in the sector increased by 22% in 2020 compared to 2019. By comparison, the total amount of venture capital investment over the same period was 15%. The United States accounted for 76% of all global cybersecurity funding in 2020, which is $5.9 billion, according to Crunchbase data.

Unlike the overall venture capital market, 39% of cybersecurity project funding was directed to start-ups in the early stages of development. Globally, this figure has grown to 45%.

Geographic diversity is not impressive, Crunchbase reported, as the U.S. and Israel combined accounted for nearly 90% of all venture capital funding for cybersecurity companies in 2020.

The UK accounted for just over 3% ($262 million) of venture capital investments in cybersecurity in 2020, mainly thanks to a $80 million Series C round for Privitar, which develops solutions to preserve data privacy.

The Crunchbase report says that in 2020 there were six new unicorn companies in the field of cybersecurity, that is, startups with an estimate of more than $1 billion, which is the highest figure ever. Five companies are based in the United States, another, Cato Networks, is based in Israel. In 2021, by April, the number of new unicorn companies in the cybersecurity sector had already reached nine.

The main investor in cybersecurity startups in 2020 was Accel, followed by Insight Partners, Techstars and Y Combinator. The last two companies invested in start-ups at an early stage of development. The list also includes the Israeli company OurCrowd and the Singapore company Singtel Innov8.

Obviously, we had an unprecedented, quick and unexpected experiment, a transition to a decentralized workforce, "said Hank Thomas, CEO of venture capital firm Strategic Cyber ​ ​ Ventures, in an interview with SiliconANGLE. - It has pushed cybersecurity strategists and operators to transform and create new security controls that are designed to protect more actively used communication channels, as well as facilities where people are increasingly storing data and working with analytics.

Although 2020 was characterized mainly by "tactical movements to keep up with the unexpected and rapid transition to virtual," he added, "in the rest of 2021 and 2022, we will see more steps at the operational and strategic level, as a new, more sustainable security system will be created to support a hybrid working environment."

According to Thomas, this could spur even greater consolidation of platforms that specialize in cybersecurity.

Larger tech companies, cybersecurity companies, SPACs and private equity firms should be expected to be major players in this tie-up, he added.

Salesforce Ventures managing director Robert Keith noted that the cybersecurity industry is reaching new heights for several reasons. According to Keith, companies have changed the way they work and communicate with customers and employees, which required new data protection solutions and startups that can provide such products.

Keith argues that platforms and tools that help with collaboration and email protection, video conferencing and messaging should continue to be of interest to investors.^[5]

Growth in cybersecurity spending by 10%, to $53 billion - Canalys

In 2020, companies around the world invested about $53 billion in information security (information security), which is 10% more than a year earlier. Such data led to the research company Canalys.

They noted that in terms of growth rates, information security solutions were ahead of many other segments of the IT industry. Only sales of cloud products (+ 20%) and services for building a cloud infrastructure increased more strongly, which is associated with a surge in demand for such solutions in the context of the COVID-19 coronavirus pandemic.

Companies have begun to spend more money on cybersecurity amid growing data breaches. In 2020, according to Canalys estimates, the business lost more than 30 billion records from its databases, which is twice the volume of leaks in 2019. At the same time, the average size of the leak on a global scale increased from 81 million to 101 million records.

Cybersecurity should be the focus of digital plans, otherwise there will be a massive disappearance of companies, which will jeopardize the economic recovery after COVID-19, says Canalys lead analyst Matthew Ball. - Declining attention to cybersecurity already has serious consequences, escalating the current data breach crisis and accelerating. attacks viruses extortioners

The study notes that the ransomware attacks in 2020 had tragic consequences, since medical institutions were deliberately attacked with their help. Several prominent organizations ceased operations in 2020 due to the COVID-19 pandemic, and surviving companies had to quickly adapt to new working conditions. This often happened to the detriment of cybersecurity and bypassing long-standing corporate policies, as a result of which many organizations were attacked by highly organized and sophisticated hackers.

According to experts, due to inattention and low digital literacy, employees go through phishing links, use unsafe passwords, try to fight ransomware viruses on their own - for example, they pay blackmail attackers to provide keys to decrypt data that they usually do not receive anyway.

Experts say that on the one hand, internal violators have intensified, who felt that in the digital era, data has become a liquid commodity on the black market and can be earned on it. On the other hand, cases of illegal use of personal information, including for fraudulent purposes, began to be identified more often due to the development of corporate security systems and the active work of relevant services.

A significant share of information theft this year is associated with the coronavirus pandemic - dozens of cases of data leaks of patients with COVID-19, contact persons, violators of the self-isolation regime and tourists who returned from abroad during the epidemic were recorded.

The COVID-19 pandemic forced people to stay at home and make more purchases through, and Internet business owners to urgently establish or expand online sales. At the same time, many retailers were not ready for such a rapid development of events and did not have the opportunity to qualitatively prepare the infrastructure for ensuring the safety of personal data.

Network security remained the largest segment of the information security market - it accounted for 36% of the total amount of information security expenses in 2020. At the same time, there was a decline in this direction, which Canalys associates with a change in priorities. Purchases of traditional network security hardware are fading into the background, as organizations need to increase the cost of cyber protection against new vulnerabilities arising from the dispersal of personnel who have switched to remote work.^[6]

2019

Global information security market reaches $120 billion

The global information security hardware, software and services market reached $119.9 billion in 2019, P&S Intelligence analysts calculated. According to them, sales of such solutions increased, but experts did not name the dynamics.

The rise of the market in P&S Intelligence is associated with a rapid increase in the volume of data in the business environment, the spread of cyber attacks and data leaks, as well as the demand for solutions for ensuring a high level of information security.

In addition, the sale of information security technologies is stimulated by the development of equipment for the Internet of Things and other "smart" tasks, the growing market for Internet commerce and changing regulation in the field of data.

There are also factors that hinder the market: a lack of highly qualified specialists and due diligence in the field of information security, as well as risks associated with data protection in the cloud and the Internet of Things. Another problem is that big data security is not considered by the company as a comprehensive measure, especially among representatives of small and medium-sized businesses, the study says.

The following companies were named the leaders of the information security market by analysts:

• Trend Micro;
• Cisco;
• FireEye;
• McAfee;
• Check Point Software Technologies;
• Palo Alto Networks;
• Fortinet;
• Broadcom;
• IBM;
• Juniper Networks.

According to experts, in 2019 there was a surge in information security costs in healthcare, and this trend will continue in the future. There are several reasons: the desire of medical institutions to provide better patient care, compliance with government requirements, the use of cloud software, the introduction of tools for remote control of patients and the use of advanced IT solutions, including the Internet of Things and machine learning.^[7]

Market size - $120.93 billion; half occupied by services

The volume of the global market for solutions for information security (information security) and cyber risk management in 2019 reached $120.93 billion, according to data from the analytical company Gartner.

More than half of the market falls on information security services, global spending on which in 2019 amounted to $61.98 billion. The second largest category is technology to protect infrastructure: their annual sales were $16.52 billion.

Approximately $13.39 billion was spent on equipment designed to provide cyber protection for networks. Sales of consumer information security software in 2019 reached $6.25 billion,  Identity and Access Management (IAM) solutions - $9.84 billion.

The study also talks about sales of funds for protecting applications and data in the amount of $3.1 billion and $2.66 billion, respectively. Global spending on cloud security tools amounted to $439 million, and spending on risk management solutions reached $4.56 billion.

The COVID-19 coronavirus pandemic began to affect the information security market in the first months of 2020. At the same time, experts say that the expansion of the use of cloud technologies and subscription services favors some segments of the information security market. About 12% of information security projects implemented in 2019 were built on cloud computing. At the same time, approximately 50% of products were transferred to the cloud delivery model, including email services and firewalls.

According to the researchers, the cloud delivery model is attractive for both information security software developers and end users. The appeal of this model is achieved mainly by potentially increasing transparency, using more flexible business models and subjective ease of operation. However, the availability of these benefits largely depends on the ability of software publishers to effectively monitor and control their applications - using automated procedures and maintaining high operational efficiency.

All this indicates that the introduction of effective licensing and rights management methods is becoming the main factor in the success of monetizing security software in the cloud. For software publishers moving to the cloud model, that is, working in hybrid mode, the presence of a platform that supports application delivery both using the traditional model and in the cloud is an absolute prerequisite, the study says.

As for the negative consequences of the COVID-19 coronavirus, they most strongly affect sales of network security equipment, including firewalls and intrusion detection and prevention systems (IDPS).

According to analysts, until 2019, the information security market grew more rapidly, and several factors contributed to this. Among them are a growing number of cyber threats, raising awareness of information security protection and market regulation.

In addition, the growing global economy provided companies with the financial opportunities to invest in new digital processes and security needed to strengthen businesses. However, after the outbreak of the coronavirus COVID-19, the global economy was severely undermined, the cybersecurity market was also affected.

Due to the coronavirus pandemic, the commercial and public sectors have begun to cut costs, including information security. According to analysts, information security budgets will be reduced and frozen, the timing and cost of implementing these projects will increase, but risks will also increase.^[8]

Investments in information security companies fell 23% to $5 billion

According to the National Venture Capital Association (NVCA), in 2019, investments in information security startups amounted to $5 billion, while in 2018 the figure was $6.5 billion. We are talking about investments in companies that are engaged only in cybersecurity and do not develop other technologies.

As reported in the report, venture investors are investing in a variety of computer security technologies - from platforms to pay premiums for detecting vulnerabilities in programs to diagnostics and automated program testing. But they are most attracted by authentication and identity management technologies - about $900 million was invested in startups engaged in these technologies at the end of 2019.

Investments in information security training startups reached $418 million in 2019, which was largely facilitated by KnowBe4, which raised $300 million. This startup offers a platform for simulating phishing attacks and a number of training programs.

About $412 million in 2019 was received by companies involved in the security of the Internet of things. SentinelOne is the leader in this category in terms of investment, which in 2019 received $120 million for the development of endpoint protection technologies.

At the same time, Metacurity analysts provide other data characterizing the situation in the venture financing market in the information security sector. In 2019, the volume of investments here reached $6.57 billion, increasing from $3.88 billion in 2018. The number of transactions also increased - from 133 to 219. At the same time, the average volume of investments in per transaction practically did not change and amounted to 29.2 million at the end of 2019, according to Metacurity.^[9]

2018

Up 9% to $37bn - Canalys

In 2018, sales of equipment software and services intended for (information security information security) reached $37 billion, an increase of 9% compared to a year ago ($34 billion). Such data were released by analysts on March 28, 2019. Canalys

While many companies prioritize protecting their assets, data, endpoints, networks, employees and customers, cybersecurity accounted for only 2% of total IT spending in 2018, they said. However, more and more new threats are emerging, they are becoming more complex and more frequent, which provides manufacturers of information security solutions with new opportunities for growth. It is expected that in 2020, total cybersecurity spending will exceed $42 billion.

Canalys analyst Matthew Ball believes that the transition to new models for implementing information security will accelerate. Customers are changing the nature of their IT budgets using public cloud services and flexible subscription-based services.

About 82% of information security deployment projects in 2018 were related to the use of traditional hardware and software. In the remaining 18% of cases, virtualization, public clouds and information security services were used.

By 2020, the share of traditional models for deploying information security systems will decrease to 70%, as new solutions are gaining popularity on the market.

Vendors will need to create a wide range of business models to support this transition, as different products are suitable for different types of deployments. The main challenge today for many is to make the new models more partner channel oriented and integrate them with existing partner programs, especially with customer operations through cloud platforms. Some cloud Marketplaces have already responded by allowing partners to offer individual offers and prices directly to customers, tracking deal registrations and discounts, Matthew Ball said in a March 29, 2019 publication.

According to Canalys analyst Ketaki Borade, leading manufacturers of cyber defense technologies have introduced new product distribution models that involve companies switching to a subscription scheme and increasing operations in the cloud infrastructure.

Canalys called Cisco the world's largest manufacturer of information security products. The top three were Palo Alto Networks and Check Point Software Technologies. The top ten vendors accounted for 53% of product deliveries, and the next 20 companies - 21%.

Ketaki Borade notes that Cisco, Palo Alto Networks, Barracuda Networks and Check Point are the largest information security service providers within the AWS Marketplace digital catalog, offering virtual solutions with hourly and weather pay. While this business generates a fraction of the revenue, it grows the fastest.^[10]

Barracuda Networks, Trend Micro and F5 Networks are also widely represented on cloud sites, highlighting their early step towards adopting new deployment models, the expert said.

According to preliminary data from IDC, the information security market in 2018 exceeded $92.1 billion, rising 45% compared to the previous year. In 2022, it is expected to grow to $133.7 billion, and spending on hardware, software and services for cybersecurity will increase by an average of 9.9% annually, researchers predict.

M&A deals hit record $15.5 billion

In 2018, the highest volume of M&A transactions in the cybersecurity market was registered - 183 contracts worth $15.5 billion. Moreover, private companies participated in 96% of transactions. This was reported in the consulting company Momentum Cyber, specializing in the field of information security.

The cybersecurity market remained very dynamic and showed record activity of transactions and their volume in response to growing regulatory and technical requirements, as well as the continuing widespread risk of data leakage, says Eric McAlpine, co-founder and managing partner of Momentum Cyber ​ ​. - We believe this momentum will continue to push the sector into new territory as it seeks to counter emerging threats and consolidates in the face of supplier fatigue and growing skills shortages.

Venture investment in cybersecurity technology developers and related service providers reached approximately $6.2 billion in 2018, an increase of $1.1 billion compared to the previous year.

Most often, investors invested in startups specializing in Identity and Access Management, cyber threat intelligence and information security consulting services. Interest in Managed Security Service Provider (Managed Security Service Provider) providers has dropped dramatically.

Momentum Cyber also noted a record market size IPO in the field of information security thanks to the listing of companies such as Avast Carbon Black,, and Tenable. SolarWinds On Zscaler average, the amount of funds raised under the listing amounted to $364 million.

The report also reports that many of the 3,000 vendors operating in the $100 billion market have decided to attract funding in the hope of increasing revenues and strengthening competitiveness.^[11]

2017

Information security expenses exceeded $100 billion

In 2017, global spending on information security (IS) - products and services - reached $101.5 billion, research firm Gartner said in mid-August 2018. At the end of 2017, experts estimated this market at $89.13 billion. What is the reason for the significant increase in the assessment is not reported.

Information security directors are committed to helping their organizations safely use technology platforms to become more competitive and drive business growth, says Gartner research director Siddharth Deshpande. - A continuing shortage of qualified personnel and regulatory changes such as the General Data Protection Regulation (GDPR) in Europe are fueling further growth in the cybersecurity services market.

Experts believe that one of the key factors contributing to increasing information protection costs is the introduction of new methods for detecting and responding to threats - they became the highest security priority for organizations in 2018.

According to Gartner estimates, in 2017, organizations' spending on cyber defense services on a global scale exceeded $52.3 billion. In 2018, these costs will rise to $58.9 billion.

In 2017, companies spent $2.4 billion on application protection, $2.6 billion on data protection, and $185 million on cloud protection.

Annual sales of Identity and Access Management solutions were 8.8 billion. The implementation of IT infrastructure protection tools increased to $12.6 billion.

The study also refers to costs of $10.9 billion for equipment used to ensure network security. Their manufacturers earned $3.9 billion on information security risk management systems.

Consumer information security expenses for 2017 were estimated by analysts at $5.9 billion, according to a study by Gartner.^[12]

Gartner estimated market size at $89.13 billion

In December 2017, it became known that the global spending of companies on information security (information security) in 2017 will amount to $89.13 billion. According to Gartner, corporate cybersecurity costs by almost $7 billion will exceed the 2016 amount of $82.2 billion.

Experts consider information security services to be the largest item of expenses: in 2017, companies will allocate over $53 billion for these purposes against $48.8 billion in 2016. The second largest segment of the information security market is solutions for protecting infrastructure, the cost of which in 2017 will amount to $16.2 billion instead of $15.2 billion a year ago. Network security equipment is in third place ($10.93 billion).

The structure of information security expenses also includes consumer software for ensuring information security and an Identity and Access Management (IAM) system. Gartner estimates the costs in these areas in 2017 at $4.64 billion and $4.3 billion, while in 2016 the indicators were at the level of $4.57 billion and $3.9 billion, respectively.

Analysts expect a further rise in the information security market: in 2018, organizations will increase the cost of cyber defense by another 8% and allocate a total of $96.3 billion for these purposes. Among the growth factors, experts listed the changing regulation in the information security sector, awareness of new threats and the reversal of companies to a digital business strategy.

In general, the cost of cybersecurity is largely due to the reaction of companies to information security incidents, because around the world the number of resonant cyber attacks and information leaks that affect organizations is growing, "says Ruggero Contu, Research Director of Gartner.

Among the recent cyber incidents that directly affected information security costs, the specialist named the attacks viruses-encoders WannaCry and, NotPetya as well as the largest at the data breach credit bureau. Equifax

The analyst's words are also confirmed by the data obtained by Gartner in 2016 in a survey with the participation of 512 organizations from eight countries of the world:, Australia,, Canada,, and France Germany. India Singapore USA

53% of respondents called information security risks the main driving force behind the increase in cybersecurity costs. Of this number, the highest percentage of respondents said that the threat of cyber attacks most of all affects decision-making on information security costs.

Gartner's 2018 forecast calls for increased spending across all major areas. So, about $57.7 billion (+ $4.65 billion) will be spent on cyber defense services, about $17.5 billion (+ $1.25 billion) on infrastructure security, $11.67 billion (+ $735 million) on network protection equipment, $4.74 billion (+ $109 million) on consumer software) and on IAM systems - $4.69 billion (+ $416 million).

Analysts also believe that by 2020, more than 60% of organizations in the world will invest simultaneously in several data protection tools, including information loss prevention, encryption and audit. As of the end of 2017, the share of companies purchasing such solutions was estimated at 35%.

Another significant item of corporate costs for information security will be the involvement of third-party specialists. It is expected that against the background of a shortage of personnel in the field of cybersecurity, the growing technical complexity of information security systems and an increase in cyber threats, the costs of companies for information security outsourcing in 2018 will increase by 11% and amount to $18.5 billion.

According to Gartner's calculations, by 2019, corporate costs for the services of third-party information security experts will amount to 75% of the total cost of cybersecurity software and equipment, while in 2016 this ratio was at the level of 63%.^[13]

IDC predicts market size of $82 billion

Analyst firm IDC predicts that spending on cyber defense worldwide will reach $81.7 billion in 2017, up 8.2% from 2016. By 2020, the market volume will exceed $100 billion.

According to IDC's forecast, in 2017, vendors of security-focused software and hardware will earn $81.7 billion. IDC also expects to maintain dynamics: the total annual growth rate (STGP) in the next three years will be 8.7% and by 2020 will reach $105 billion.

The rapid growth of digital transformation is forcing companies across all industries to invest in security to guard against known and unknown threats, says Eileen Smith, IDC's Program Director for Consumer Assessment and Analysis. - At the global level, banks, discrete production and organizations associated with central governments will spend the most on hardware components, software and services in the period 2015-2020. Collectively, these three sectors will provide [producers] with about 30% of global revenues in 2017.

According to IDC forecasts, three more industries - continuous production, professional services and telecommunications - will spend about $5 billion on security-related products in 2017.

Information Security Market Segment	Segment volume, $ billion
Network Security	18,4
Managed Security Services	17,2
Endpoint Security	13,1
Integration services	11,5
Consulting Services	8,9
Other	30,9

Source: IDC, 2017

Most of the security costs will fall on the service segment: companies will spend about $31.2 billion on integration and consulting services, as well as information security management services in 2017, which will amount to about 38% of the global value. The largest expense will be network security ($15.2 billion), the protection of workstations and personal devices will be in second place - $10.2 billion.

Categories of technology that will have to show the greatest growth through 2020:

• Hardware Vulnerability Assessment Software (16% HCP)
• Software Vulnerability Assessment (14.5%)
• Information Security Management Services (STGP 12.2%)
• User Behavior Analysis (12.2% STGP)
• Unified Threat Management (11.9% STGP)

The largest market from a geographical point of view will remain the United States ($36.9 billion in 2017), in second place - Western Europe ($19.2 billion), in third - the Asia-Pacific region minus Japan - 18.5%.

Two-thirds of the costs will fall on companies related to large and very large businesses. By 2019, according to IDC analysts, the size of the expenses of corporations with a staff of more than 1000 people will overcome the $50 billion mark.^[14]

2016: Market Size $73.7 Billion, Growth 2 Times IT Market

In October 2016, the analytical company IDC presented brief results of a study of the global information security market. Its growth is expected to be higher for the widow than the IT market.

The IDC calculated that global sales of equipment, software and services for cyber defense will reach about $73.7 billion in 2016, and in 2020 the figure will exceed $100 billion, amounting to $101.6 billion. In the period from 2016 to 2020, the information security technology market will grow by an average of 8.3% annually, which is twice the expected growth rate of the IT industry.

Today's security situation is such that companies are afraid of becoming a victim of another major cyber attack or cyber violence, says IDC analyst Sean Pike. - As a result, security has become the subject of close attention of directors who require information security budgets to be spent wisely and decisions to work as efficiently as possible.

The largest information security expenses ($8.6 billion) in 2016 are expected in banks. The second, third and fourth places in terms of such investments will be occupied by discrete production enterprises, state bodies and continuous production enterprises, respectively, which will account for about 37% of expenses.

Analysts give leadership in the dynamics of the increase in information security investments to healthcare (in 2016-2020, an average annual growth of 10.3% is expected). The costs of cyber protection in telecom, housing, government agencies and the investment and securities market will rise by about 9% per year.

Researchers call the largest information security market American, the volume of which in 2016 will reach $31.5 billion. The top three will also include Western Europe and the Asia-Pacific region (excluding Japan). There is no information on the Russian market in the short version of the IDC study.^[15]

Dmitry Gvozdev, CEO of the Russian company Security Monitor, predicts an increase in the share of services in total Russian security spending from 30-35% to 40-45%, and also predicts the development of the client structure of the market - from the total predominance of the state, financial and energy sectors towards medium-sized enterprises from a wider range of industries.

One of the trends should be the development of the share of domestic software products in connection with import substitution issues and the foreign policy situation. However, how much this will be reflected in financial indicators will largely depend on the ruble exchange rate and the pricing policy of foreign vendors, which still occupy at least half of the domestic software solutions market and up to two-thirds in the equipment segment. The final annual financial result of the entire Russian information security market can also be tied to external economic factors, "Gvozdev said in a conversation with TAdviser.

2015: Market Size $75 Billion

MARKET SIZE

•   Worldwide spending on information security will reach $75 billion for 2015, an increase of 4.7 % over 2014, according to the latest forecast from Gartner, Inc Gartner Press Release, STAMFORD, Conn., September 23, 2015 "Gartner Says Worldwide Information Security Spending Will Grow Almost 4.7 Percent to Reach $75.4 Billion in 2015".^[16] 
•   ^[17]

FEDERAL SPENDING

• Demand for vendor-furnished information security products and services by the U.S. federal government will increase from $8.6
•   ^[18]

CYBER CRIME

• Cyber-attacks are costing businesses $400 to $500 billion a year, and does not include the large number of cyber-attacks which are not reported. ^[19]

COST-PER-BREACH

•       The most costly breaches continue to occur in the U.S. and Germany at $217 and $211 per compromised record, respectively.       India and Brazil still have the least expensive breaches at $56 and $78, respectively.
• The cost of data breach varies by industry.  The average global cost of data breach per lost or stolen record is $154.  However, if a healthcare organization has a breach, the average cost could be as high as $363, and in education the average cost could be as high as $300.   The lowest cost per lost or stolen record is in transportation ($121) and public sector ($68). ^[20]

FINANCIAL SERVICES

• According to the `Banking & Financial Services Cybersecurity: U.S. Market 2015-2020 Report`, published by Homeland Security Research Corp. (HSRC), the 2015 U.S. financial services cybersecurity market will reach $9.5 billion, making it the largest non-government cybersecurity market. ^[21]

International

•  The Asia-Pacific mobile security market is expected to garner $7.5+ billion by 2020, registering a CAGR of nearly 43% during 2015 to 2020 , according to ApacMarket.com.^[22]

SECURITY ANALYTICS

•  According toIDC, (this link doesn’t take me to the report) the hot areas for growth are security analytics / SIEM (10 % );   threat intelligence (10 % +); mobile security (18 %) ;^[23]

2013: The information security market in EMEA grew to $2.5 billion.

The security market of the region EMEA (, Middle Europe East and) Africa grew by 2.4% compared to 2012 and amounted to $2.5 billion. The largest and fastest growing segment of the market under consideration, analysts called multifunctional software and hardware complexes for protecting computer networks - UTM solutions (Unified threat management). At the same time IDC , he predicted that the technical means market information security by 2018 will reach $4.2 billion in value terms with an average annual growth of 5.4%.

According to the results of 2013, Check Point took the leading position among suppliers in terms of sales of information security technical tools in the EMEA region. According to IDC, the vendor's revenue in this segment for 2013 increased by 3.8% and amounted to $374.64 million, which corresponds to a market share of 19.3%.

2012: PAC Forecast: Information Security Market to Grow 8% Annually

The global information security market will grow annually by 8% until 2016, when it could reach 36 billion euros, a PAC study from September 2012 reported.

The main growth drivers, according to analysts, will be the segments of cloud computing and mobile platforms. In particular, one of the most developing industries will be so popular now electronic banking services.

"Information security has become the most important criterion for modern information systems. There is no development of the digital economy without digital security, trust, "said Mathieu Pouyol, chief consultant at the Cloud and Middleware PAC

.

• Infrastructure

Infrastructure security is one of the leading segments of the information security market, while the most mature with rather moderate growth. Thus, according to analysts, the segment will grow by 2016 to 12 billion euros compared to 9.5 billion euros in 2012.

• Safety systems

The security segment is developing more vigorously than the infrastructure. Its dynamics is about 7% per year. According to PAC forecasts, growth will be 2.5 billion euros by 2016, and the segment will reach 11 billion euros.

• Content

This is another rapidly developing segment that will continue to show rapid growth in the near future, PAC analysts are sure. The segment will grow by €2 billion through 2016 and could reach €7 billion, up from €5 billion in 2012.

• Management

One of the smallest segments of the global market for information security so far. However, according to the PAC, it is he who by 2016 can show the highest dynamics. PAC analysts forecast segment growth from €4 billion in 2012 to €6 billion in 2016.

"Clouds and mobility will continue to be a major driving and developing force in the market for a long time. Among other trends that are quite closely related, the PAC sees an increase in the maturity of business users (users tend to be more risk aware), a shift to IT services as well as an outsourcing model, "Pouyol said.

2010: Sales of information security services $31.1 billion

The global information security services market will reach $35.1 billion in 2011, compared to $31.1 billion in 2010, according to a Gartner report. The research company predicts that this market in 2012 will amount to $38.3 billion, and in 2015 - $49.1 billion.

According to Lawrence Pingree, director of research at Gartner, the information security market has been changing very rapidly in recent years: the number of provider companies that offer technology as a service is growing, as well as customers who increasingly prefer the SaaS model as a method of reducing costs and consolidating resources for more strategically significant security initiatives.

The IT management subsegment of the information security services market, according to Gartner forecasts, will grow from $8 billion to $14.9 billion by 2015, it will almost double in volume. It will also become the largest segment of the market.

In 2010, Gartner gave the following forecasts:

• the consulting segment will grow from $9.64 billion in 2011 to $10.2 billion in 2011, and by 2015 to $12.15 billion.

• development and integration segment - from $11.31 billion in 2011 to $11.94 billion in the future and $13.74 billion over the next five years.

• smaller segments - software support and technology support - will increase from $5 billion to $6.94 billion from 2011 to 2015 and from $1.1 billion to $1.4 billion, respectively.

The largest regional market for information security services in 2010 was North America: in 2012, $14.6 billion will be spent on security services here, and in 2015 - already $19 billion.

In Western Europe, spending on services of this kind reached $11.9 billion in 2012 and $14.4 billion in 2015.

The cost of security services in Japan will be $5.1 billion in 2012 and $5.9 billion in 2015.

Finally, in the Asia-Pacific region, they will grow from $4.7 billion in 2012 to $7 billion in 2015.

Analysts believed that it makes sense for small rapidly growing vendors to focus on the North American market, where there is the most positive growth and high demand for security services. Gartner analysts felt they should also continue to invest in other emerging regions. As for larger providers that already have strong positions in North America, they are encouraged to focus on regional expansion.

Notes