October 16, 2012

Cybersecurity – Threats & Investments

As unprecedented volumes of sensitive data continue to migrate towards shared spaces, social networking sites, and cloud platforms, we all become increasingly vulnerable to attack. Consumers and corporations alike place an enormous level of trust in online and database security systems even though the security supporting these platforms may not be secure enough, given what is at stake.

According to Symantec Corporation, there was an 81% increase in malware attacks in 2011 and more than 230 million identities were stolen. Although estimates vary, it is widely accepted that companies in the US alone lose hundreds of billions every year to intellectual property costs and cybercrime. It is no wonder that security is projected to be one of the fastest growing segments of the IT sector over the next five years: the $63.7 billion market in 2011 is expected to grow to $120.1 billion by 2017, an 11.3% CAGR. The U.S. federal cybersecurity market (valued around $65.5 billion) is predicted to grow at a 6.2% CAGR over the next five years, far outpacing the broader US federal IT market which is forecasted to grow only at a 3% CAGR throughout the same time frame.

The frequency and sophistication of attacks and incidences of cybercrime are constantly on the rise. An increase of high profile and widespread attacks by hackers (most notably Anonymous, LulzSec, and AntiSec) has fueled the interest of many companies and government agents to re-assess their security. One recent cyber attack knocked out Sony’s PlayStation network out for 24 days costing the company $171 million. Citigroup suffered from a data breach where the personal information of 360 thousand credit card holders was compromised. MasterCard, Visa, Google, PBS, and the US Senate were all victims of various hackings, phishing scams, and breaches. Companies have been allocating increasing amounts of capital to shore up their infrastructure and security systems as they struggle with protecting both their own internal data and private information belonging to customers. Over the past year, the majority of data breaches have occurred in the healthcare, financial, government, and food and beverage sectors. The fastest-growing area of cybercrime appears to be mobile, where the majority of attacks plant malware on devices that can track the user and collect personal data.

The all-encompassing cybersecurity frontier has grown rapidly over the past few decades, far outpacing the regulatory bodies that stand between a hacker and your private information. The reason for the lag stems from a balancing act between personal privacy and protection. In April, The House of Representatives passed a controversial bill that would allow the government and US companies to share information in the mission to thwart future threats. The Cyber Intelligence Sharing and Protection Act will most likely go through many iterations while lawmakers struggle to define exactly what information can be shared as to protect confidential and private personal data.

Recent M&A activity tells us that corporations are not comfortable waiting on the sidelines as regulation attempts to keep up; many have pursued acquisitions to beef up cyber offerings catering to the market’s growing demand. Several key trends have emerged that can shed light on where the market may head next: companies are now paying more attention to defense-in-depth and layered-security infrastructure options, cyber criminals will continue to target victims searching for emerging and live news events through search engines, and social engineering will become more relevant as hackers attempt to take advantage of the growing popularity of personal profiles. Bloomberg recently published a study analyzing over 60 recent deals that showed federal contractors have a huge appetite for companies that can expand product suites to include capabilities such as continuous monitoring of networks, secure cloud systems, and mobile application security. General Dynamics’ acquisition of Fidelis Security Systems broadens the company’s cyber expertise and incident response services. Northrop Grumman expanded its secure mobile communications suite with its acquisition of M5 Network Security. CTI Inc., ISC8 Inc., ManTech, and Raytheon have also built up cyber platforms through recent acquisitions.

The surge of activity speaks volumes considering the growing focus on federal budget deficits and mounting spending cuts facing the defense industry. However, spending in the cyber market it is quite the contrary: Deltek forecasts federal spending on cybersecurity to reach $14 billion by 2016 (compared to the $9 billion spent in 2011). Our team at Clearsight does not see the federal cyber market cooling down anytime soon as the sector should remain exempt from pending budget cuts; in fact, we agree that it is likely that cyber may be one of the few areas receiving surplus funding. Further, we expect the largest increase of IT security deals to center around incident response services and solutions and mobile application security.