Posts

Opportunities abound for enterprise security vendors as customers adapt their IT to the new COVID-19 world

Opportunities abound for enterprise security vendors as customers adapt their IT to the new COVID-19 world

Key insights

COVID-19 rapidly increased the need for enterprise security in remote and edge environments to enable remote employees to work securely.

Many multiline vendors in the enterprise security market also sell data center infrastructure and attach enterprise security sales to hardware sales to provide customers with complete solutions. Data center hardware backlogs therefore slowed some near-term sales for these vendors, which will be remedied in 2H20.

IBM maintained its position as the revenue leader among benchmarked enterprise security vendors in 1H20. 

TBR’s Security Benchmark provides clients a deep dive into the enterprise security market, highlighting the financial performance of public and private, multiline, and pure play vendors within the industry.

While challenges persist for security vendors due to COVID-19, opportunities abound as customers adapt to the new world

Acquisition sprees continue despite economic woes

As noted in TBR’s 1H20 Security Benchmark, consolidation continues in the enterprise security market as customers continue to seek to work with fewer vendors to secure their IT portfolios. This encourages larger firms to make tuck-in acquisitions to meet customer demands. COVID-19 rapidly increased the need for enterprise security in remote and edge environments to enable employees to securely work remotely.

Logistical challenges with hardware shipping threaten multiline vendors’ ability to deliver solutions

Many multiline vendors in the enterprise security market also sell data center infrastructure and attach security sales to hardware sales to provide customers with solutions. The logistical and supply chain challenges that data center hardware vendors encountered due to COVID-19 hampered their ability to fulfill orders, resulting in a hardware sales backlog in 1H20. However, this backlog will be cleared out in 2H20, which will enable these vendors to realize the revenue. This should, in turn, enable multiline enterprise security vendors to realize the revenue of attached security solutions in 2H20 as well.

New use cases created at the edge amid pandemic

COVID-19 has fundamentally changed how society works, rapidly increasing the demand for new use cases for IT infrastructure as companies swiftly seek new ways to continue to do business. A key example is the emergence of new edge use cases to help slow and monitor the spread of COVID-19, including leveraging surveillance equipment to monitor social distancing and mask wearing as well as assist to assist with contact tracing if a person tests positive. These new uses will result in the need for more technology at the edge and heightened security to protect individuals’ privacy.

TBR’s Security Benchmark provides clients a deep dive into the enterprise security market, highlighting the financial performance of public and private, multiline, and pure play vendors within the industry.

Benchmark security revenue continues to increase, driven primarily by acquisitions in 2H19

Key 2H19 benchmark takeaways

Total benchmarked revenue

Double-digit growth among covered vendors was due to steady industry acquisitions and strong performance from many of the vendors, including IBM (NYSE: IBM), F5 Networks (Nasdaq: FFIV), CyberArk (Nasdaq: CYBR), Fortinet (Nasdaq: FTNT) and Splunk (Nasdaq: SPLK). TBR believes security demand continues to rapidly accelerate as companies execute digital transformation projects and cyber threats continue to increase. The COVID-19 pandemic is resulting in an increase in cyberattacks aimed at multiple verticals such as healthcare and financial services, as institutions are forced to operate online in a greater capacity than prior to the outbreak.

Application security and mobile security segments

Higher demand for email- and web-related security as well as application vulnerability scanning led to an increase in application security segment revenue. The mobile security segment is seeing high revenue growth as the number of mobile devices continues to rise and the need to provide endpoint detection to all mobile and IoT connected devices increases.

TBR’s Security Benchmark provides clients a deep dive into the enterprise security market, highlighting the financial performance of public and private, multiline, and pure play vendors within the industry.

Total benchmarked security revenue increased 13.7% year-to-year to $13.7B in 1H19

Security growth is in early stages as organizations continue to digitize and increase the amount of information put into the cloud

The security market remains in a state of rapid growth as the rise in the amount of data and the increased likelihood of cyber hacks and threats create high demand for security solutions built to protect enterprises and their customers. With rapid growth comes increased competition and M&A activity as vendors consolidate either to improve offerings or to expand into new geographic markets. As companies continue to execute on digital transformation initiatives, cloud security offerings and other managed security portfolios are being sought to address potential threats.

To stay on top of the latest security threats, vendors are continually improving their portfolios through launches of new products and updates to existing solutions. TBR’s benchmark captures these moves, along with other ongoing industry trends and emerging opportunities. In the 1H19 publication, TBR also looks ahead to future security topics, including emerging areas such as quantum security and commercial IoT security trends.

Acquisitions continue to reshape the security landscape, with nontraditional vendors making a larger splash in 2019

The security industry continues to undergo major consolidation as vendors target select security companies to enhance portfolios or expand security offerings into new segments. This rapid M&A activity has been a trend over the past few years, though companies that do not already specialize in enterprise security have become more involved on the acquisition front in 2019. This trend is illustrated by major announcements such as Broadcom’s plans to purchase Symantec’s enterprise security assets or VMware’s plans to spend almost $5 billion to acquire Carbon Black and Pivotal. HP Inc. even announced plans to acquire endpoint security company Bromium in 2H19, as the company looks to improve the security of its device portfolio.

The exponential growth in enterprise data as companies execute digital transformation strategies leads to a rise in demand for data protection solutions

The rise of data in the workplace is causing data security solutions to become more valuable heading into 2020. The rate of new data generated across a multitude of verticals and industries will continue to grow rapidly as AI and machine learning technologies improve. The need to protect this enterprise data from security hacks will continue to increase, opening additional revenue streams for security companies to capitalize on. IBM, Dell Technologies and Symantec are among the vendors already well positioned with established data protection portfolios. TBR expects vendors to emphasize this segment over the next few years, including through targeted M&A and solution enhancements.

TBR’s Security Benchmark is a semiannual publication that analyzes the enterprise cybersecurity market and provides insights around security revenue breakdowns, go-to-market trends and strategies, resource management investments, industry acquisitions and additional M&A activity. The benchmark covers 25 industry security vendors including IBM, Symantec, Check Point, Cisco and Palo Alto Networks, across eight security segments and three global regions.

Cyber liability insurance: Modern security apparatus for modern security threats

Cyber liability insurance: Leveraging an old concept for modern challenges

Despite modern security challenges, there are modern solutions emerging to help customers navigate security risks, reduce risk for enterprises, generate better security hygiene, and perhaps even foster stronger standard bodies. One solution is taking an old concept, insurance, and modifying it for the data age.

Insurance is a concept that has existed since the Babylonians built the hanging gardens, and likely in some form before that. Insurance generally exists in a love-hate relationship with those that are covered. However, it is often deemed essential (or made essential through law) to cover the many what-ifs of life.

We discussed in the prior section several ongoing security challenges related to liability and business risks that are causing customers to reconsider pursuing digital transformation. However, what if customers’ digital footprints were insured? What if damages from a breach were paid through an insurance company, or if an expert recovery team was funded through a policy that would be dispatched as soon as there was an incident? And what if such a policy included damage control and positive marketing services following a breach? This would make customers much more comfortable by mitigating part of the risk associated with taking the technological leap toward digital transformation.

This is not an “aha” moment. Cyber liability insurance already exists on the market. It is defined by the International Risk Management Institute Inc. as:

 A type of insurance designed to cover consumers of technology services or products. More specifically, the policies are intended to cover a variety of both liability and property losses that may result when a business engages in various electronic activities, such as selling on the Internet or collecting data within its internal electronic network.

Most notably, but not exclusively, cyber and privacy policies cover a business’ liability for a data breach in which the firm’s customers’ personal information, such as Social Security or credit card numbers, is exposed or stolen by a hacker or other criminal who has gained access to the firm’s electronic network. The policies cover a variety of expenses associated with data breaches, including: notification costs, credit monitoring, costs to defend claims by state regulators, fines and penalties, and loss resulting from identity theft.

Companies such as Nationwide and Hiscox, among a long list of others, provide it. However, it is hardly brought up in the digital transformation discussion, and TBR believes it has important market impacts as well as drives opportunities for current security vendors. In terms of the market, TBR believes the more mature cyber liability insurance becomes, the faster organizations will adopt digital transformation. It would be beneficial if cyber liability insurance were part of the conversation when a vendor leads a digital transformation implementation, just as car insurance must be a consideration when buying a new car.