That cybersecurity has shot to the forefront during a Covid pandemic in which the number of attacks has soared is perhaps no surprise. Nonetheless, the scale of expenditure revealed by the latest report from Bloomberg Intelligence ably illustrates the extent to which organizations are seeking to protect their digital assets.
The report, which highlights that cybersecurity spending is forecast to exceed $200 billion per year by 2024, suggests that the growth in spending is being driven by a transition towards cloud-based security. Within this, the authors forecast particular growth in areas such as endpoint security and network security.
“Cybersecurity spending may top $200 billion by 2024, faster than IDC’s view, amid a step-up in cloud-security adoption, with CrowdStrike best positioned among pure-play companies to benefit,” the report says. “Appliance and on-premise software sales of Cisco, Palo Alto Networks, Check Point and others could get cannibalized as they pivot toward cloud products, a necessity amid remote work and workload migration.”
The rush towards remote work driven by the pandemic has been a major factor in this increase in investment. The market was already worth around $132 billion last year, but the significant investment made during Covid-19 has sent the market soaring upwards as companies scramble to upgrade legacy systems and ensure their distributed workforce is safe and secure from a growing threat landscape.
The report suggests that around 37% of the total cybersecurity market last year was spent on software, with this transition away from hardware-based expenditure likely to continue.
They also highlight the considerable scope for cloud investment in the appliances market, where cloud-based solutions currently only make up 4% of expenditure.
The most mature cloud markets are in identity management, where cloud-based solutions make up 43% of sales, and endpoint analytics, detection and response (EDR), where cloud-based solutions represent 41% of the total market.
“We believe the inefficacy of signature-based antivirus software for protecting PCs and mobile devices is likely to accelerate the cloud shift in the endpoint-security market, where penetration is about 12%,” the authors explain.
Room for improvement
Despite the relatively high penetration levels, the authors argue that there is still a lot of room for growth, especially as cloud penetration in network and endpoint security lags behind that in areas such as customer relationship management and enterprise resource planning. This is a gap that is likely to be closed considerably as a result of the pandemic.
If this transition towards cloud-based solutions continues, it’s likely to cause significant disruption in the market, with incumbents such as Check Point and Symantec coming under threat from pure-play cloud providers, such as CrowdStrike, which is already generating over $1 billion in annual recurring revenue.
“No security company has more than $5 billion in annual sales, unlike other infrastructure and application software segments, where hyperscale cloud providers including Amazon.com, Microsoft, Google and Salesforce.com have run-rates of more than $10 billion,” the authors explain.
A changing market
This is a very real possibility, however, in a time in which cybersecurity is set to become an ever greater part of the IT budget. The wave of cyberattacks seen during the pandemic has given organizations an awareness and a focus on the importance of cybersecurity for their business, with attacks spanning a wide range of areas, including identity, email, networks, and endpoint devices.
The endpoint security market is the most likely to be disrupted by cloud-based solutions. The sector, which is currently worth over $13 billion, is largely serviced by on-premise software, which makes up 90% of the market at the moment.
“We believe antivirus software will be completely replaced by cloud products in the midterm, which may speed up CrowdStrike’s share gains in enterprise security from legacy endpoint incumbents like Symantec (Broadcom), McAfee and Trend Micro,” the authors say. “This trio has about 44% of endpoint security vs. CrowdStrike’s 3%.”
There is also considerable potential growth in the cloud-based identity management market, which BI believe will be worth $4.6 billion in the coming years. Indeed, it could well be the fastest-growing part of the cloud security market as companies move away from traditional passwords and towards a more unified single sign-on that is built around microservices and APIs.
What’s more, the extremely high-profile SolarWinds and Microsoft Exchange Server attacks are only likely to bolster interest in cloud identity-management products to supplant on-premise solutions. With many of the trends that are driving the growth in cloud-based cybersecurity solutions likely to endure, it seems very much that the future of the industry will be played out in the cloud.