To download the full report – please fill up this Google Form

With digitization and Internet becoming the norm for businesses world over, the cybersecurity industry is witnessing three landmark changes toady; the emergence of newer technologies like AI, machine learning and predictive intelligence to combat cyber attakcs proactively, the rise of cybersecurity startups specifically focused on the driverless cars, home automation and the IoT segment, and collaboration among cybersecurity companies and MNCs, and between MNCs to tighten security norms and fight cyber crime with increased fervor

When we compare the digital evolution the world is undergoing today, to the increasing risk of cyber attacks on enterprises, industries and consumers, we can’t help but draw an analogy to the plot of Westworld, a 1973 American sci-fi thriller movie directed by Micheal Crinchton. While the movie unveils the destruction caused by lifelike (human-like) Androids when they are affected by a computer virus, in retrospect, it gives us a peek into the nature of risk we are exposing ourselves to, as we lean on technology and new age practices to stay more connected, make businesses more efficient, and drive greater change in our everyday lives; think driverless cars, home automation systems and smartphone penetration.

Take the recent, often quoted ransomware attacks such as Petya and WannaCry for instance. They spread through networks that use Microsoft Windows and affected more than 200,000+ victims in over 150 countries (particular in Europe and the US) this year. On the other hand was the Sony Pictures Entertainment hack, by a group of hackers called ‘Guardians of Peace’; a case where crucial company information such as username and passwords of social media accounts of major motion pictures, social security numbers of actors and employees, emails and copies of unreleased titles was leaked.

While these are just a handful of cases, as our dependence on technology increases, attacks of such nature are only set to rise in the coming years, thus sounding off a wake up call for the Government, cybersecurity companies and its stakeholders world over to relook at their processes and practices. According to Cybersecurity Ventures, the cybersecurity industry is expected to be more than US $120 billion in 2017, and by 2021, cybercrime is set to cost businesses globally more than US $6 trillion a year, with costs being associated to ‘loss of productivity, IP thefts, theft of personal and financial data, damage and destruction to data, embezzlement ‘and more.

So, what are the factors contributing to the rise in cybercrime today, and what should its stakeholders be aware of, as they step into the next era of digital transformation?

Sub-Categories in Cybersecurity

• Application Security
• Endpoint Security
• Network Security
• Cloud Security
• Wireless Security
• Web Security
• Database Security

Factors Fuelling Cybercrime

The rise in cybercrime can be associated to several factors, key among them being; the increasing penetration of IoT, IIoT (Industrial Internet of Things) and BYOD (Bring Your Own Device), cloud sharing and mobile and smartphone penetration, lack of awareness among enterprises about the importance of cybersecurity, or lack of sufficient knowledge to implement security processes into their network, and existence of old systems which are not cybersecurity-ready.

For example, while companies encourage a practice of employees bringing in their own smartphone or laptop to workplaces, giving them access to crucial information and company-related data, they often don’t incorporate these devices into their own security network, thus exposing them to malicious applications which may seem genuine (such as the Super Mario Run), malicious emails and messages (phishing attacks), targeted attacks and loss of data due to theft of device. In fact, this can also be associated with the lack of awareness around the importance of securing their networks and devices, or the lack of knowledge in implementing security processes into its business. As a report by Kaspersky Lab indicates, the loss due to a ransomware incident can cost a company anywhere around US $713,000 on an average. That being said, with the recent surge of ransomware attacks such as Petya and WannaCry, companies have woken up to the implications of cybercrime; as indicated in a 2017 report by IDC; organizations are set to spend US $101.6 billion on cybersecurity software, services and hardware, with the primary motivator for the increased spends being fear.

When it comes to IoT, the challenge often is with usernames and passwords being easily accessible, thus allowing hackers to remotely control devices, cars and even your own television. Take the 2015 Chrysler incident, for example. The company recalled 1.4 million vehicles, which could be remotely hacked over the Internet; wherein hackers could shut down the engine, cut brakes and even control the steering wheel. IIoT is quite similar to IoT, with the difference being the physical damage caused to industrial machines; such as the Stuxnet virus which affected the Natanz nuclear facility in Iran, by damaging about a fifth of its nuclear centrifuges by making them spin out of control.

As for cloud security, while cloud storage and cloud sharing of information and data presents a great deal of advantages such as lowered costs, faster delivery and better services to clients, organizations have now woken up to the potential threat their information might be exposed to on unsecured, public cloud platforms. In fact, the industry is now seeing a transformation, wherein multinationals, and MNCs and security companies are entering into partnerships to secure their products and services and identify threats quicker; a recent example being the IBM-Cisco partnership to exchange security solutions on both platforms, and the HITRUST (The Health Information Trust Alliance) partnership with Trend Micro (the Japanese security software company), which will gather and analyse potential cyber attacks in the healthcare industry through the HITRUST cyber threat management and response centre.

Emerging Categories in Cybersecurity

• Predictive Intelligence & Artificial Intelligence
• Identity and Access Management
• Cyber Insurance
• Autonomous Systems
• Deception Security
• IoT/IIot Security
• Mobile Security

What Can Stakeholders Expect?

With malware attacks skyrocketing in recent times, there is no time for white papers to be published on past attacks and future course of action. Rather, the need of the hour is for cybersecurity companies to be proactive in their approach to detecting threat early, for the Government to introduce reformed regulations on tackling cyber crime, and for organizations and end consumers to pay more attention to securing their data and networks.

In fact, on the industry front, the advancements in technology and the nature of cyber attacks have also given rise to a new wave of security practices and business streams in the cybersecurity industry. For instance, security has moved beyond just protecting IT infrastructure to offering protection for automobile, healthcare, mobile and the IoT segment. Moreover, the industry is seeing the birth of newer security practices such as predictive intelligence, where cybersecurity companies use predictive analytics to foresee a potential attack and create defenses even before they attack the systems, deception security, where the systems work proactively to deceive the attackers, detect and defeat them, autonomous systems, where the software uses advanced algorithms to works alongside analysts to identify and tackle security threats, cyber insurance, an emerging field wherein insurance products are designed to secure individuals and businesses, by offering them coverage in the event of data destruction, hacking, theft or extortion, and multi-factor authentication, in the identity and access management spaces.

Specifically with respect to investments in the sector, a CB Insights study indicates that the industry saw US $3.5 billion being invested across 400 deals in 2016(mainly seed and Series A rounds), with companies such as Cylance (US $100 million in Series D), Mobi Magic (US $100 million), StackPath (US $180 millionin PE) and LogicMonitor (US $130 million in growth equity) bagging the highest amounts.  Although investments in 2016 has dropped compared to the US$4 million invested in 2015, the general mood among investors seems to be positive; what with the emergence of specialized funds, such as Trident Capital Cybersecurity, Allegis Capital and TenEleven Ventures.

With respect to exits, 2016 witnessed 39 VC-backed startups exit through 38 M&S deals and one IPO, with acquisition deals also being struck by mid-stage companies such as Confer Technologies and Bluebox Security, as by industry giants such as IBM, Cisco, Symantec, Fortinet, Oracle and FireEye. In 2017, there have been 18 exits of VC-backed companies, through 17 M&A deals and one IPO of Okta, a US-based identity management company. An interesting trend in these M&As particularly, is the keen interest security giants are showing towards startups specializing in AI. For example, in 2017 alone, three AI-based startups have been acquired by tech giants; Invincia Labs being acquired by Sophos, Niara being acquired by HP and Harvest.ai being acquired by Amazon.

Top 5 Most Well-Funded Cybersecurity Startups in 2017

• Tenable Network Security – US $302 million
• Tanium – US $295 million
• Lookout – US $281 million
• CrowdStrike – US $256 million
• OpenPeak – US $233 million

(Source: CB Insights)

Secondly, the Government bodies have also begun taking proactive steps in setting up stricter regulations in the face of mounting cyber crimes world over. For example, following the large scale ransomware attacks this year, the European Union is set to replace its 1995 directive on data protection, to launch the General Data Protection Regulation (GDPR) which elicits how companies should manage personal and user data, and the penalties to be levied on companies should there be a breach of regulation; which is slated to be a fine of up to 4 per cent of worldwide turnover or 20 million pounds, whichever is greater.

With the cybersecurity industry touching more than US $120 billion in 2017, and with spends on security pegged to exceed US $1 trillion in the next five years, it poses an interesting challenge to see how far advancements in technology can go hand-in-hand with creating more secure platforms for businesses and consumers to transact in the digital world.

With this in mind, in this report, we speak to an eclectic mix of startups and multinational firms offering specialized and holistic security solutions in the global cybersecurity industry, to understand how they perceive the challenges and opportunities faced in the industry today, the future of the cybersecurity industry, in terms of consolidations, the investment climate and their game plan to be up in arms against the cyber criminals threatening to breach critical data world over. 

Active VC funds in Cybersecurity 2017

• New Enterprise Associates
• Bessemer Venture Partners
• Accel Partners
• Andreessen Horowitz
• Intel Capital

(Source: CB Insights)

10 Global Cybersecurity Giants

• Check Point Software Technologies Ltd.
• Symantec Corp
• Palo Alto Networks
• Verisign Inc
• Splunk Inc
• Fortinet Inc
• Gemalto
• Proofpoint
• Sophos
• FireEye Inc

(Source: BVP Cyber Index – Compiled by Bessemer Venture Partners)

To download the full report – please fill up this Google Form