A report by Bank of America Merrill Lynch examined investment opportunities for firms in the cybersecurity space.
The market itself is large and growing. Citing data from technology research firm Gartner, BofA estimated the cybersecurity solutions market is currently between $75 billion and $77 billion. It's expected to grow to $170 million by 2020, according to market research firm Markets and Markets.
A big reason for that growth is corporate spending on cybersecurity, especially in the financial services industry, as well as telecoms, technology and manufacturing. "Cyberspend," as BofA put it, budgets have grown nearly twice as fast as IT budgets over the past two years, and firms are spending an average 6% of their overall IT budget on cybersecurity initiatives, compared with 2% in 2010.
The Securities Industry and Financial Markets Association, for its part, recently carried out a cybersecurity exercise called Quantum Dawn 3, with more than 80 participants in the financial sector and government.
Investors are finding increasing opportunity to invest in the cybersecurity market. Cybersecurity startups raised $2.5 billion in 2014 across 224 investments, according to BofA, and there have been 59 M&A transactions between cybersecurity firms. Cybersecurity-related unit investment trusts and ETFs, like PureFunds' Cyber Security ETF (HACK) are also entering the market.
Low-growth areas in the cybersecurity market include endpoint protection platforms and consumer security software, which combined account for 39% of the market, but those are offset by better performance in the security information and event management (SEIM), secure Web gateway, identity governance and administration and enterprise content-aware data loss prevention areas.
Software is the largest segment in the cybersecurity industry, BofA found, at $21.4 billion. It's expected to reach nearly $27 billion by the end of the decade, driven primarily by new freemium models, security appliances, and increased security for cloud operators and mobile devices.
The enterprise market, which serves firms rather than consumers or end users, represents about $15 billion and is forecast to grow to $19.5 billion by 2018. The endpoint security market is expected to grow from $10 billion in 2014 to over $14.5 billion five years later.
By revenue and market share, Symantec is the largest security software vendor, with $3.7 billion in 2014 and 17% market share. However, even though IBM is only the third largest vendor by those measures, growth from 2013 to 2014 far outpaced its competitors: 17% compared with 4.6% for Intel and 5% for EMC.
Much of IBM's growth is driven by SEIM solutions, according to the report. "Security information and event management (SIEM) is defined as applying security analytics to real time events for the detection of targeted attacks and data breaches, and hence logging these for reference to prevent future attacks in an enterprise environment. It is considered a mixture of both software and serviced-based cybersecurity solution."
