EXECUTIVE SUMMARY:

Cyber attacks are causing trillions of dollars’ worth of harm every year. At the current pace of growth, cyber attacks will cause approximately $10.5 trillion in damage by 2025.

Cyber security vendors are meeting the moment by studying the factors shaping new security trends, modernizing capabilities, and making themselves more competitive.

As the industry addresses new priorities, cyber security vendors are due to increase their prevalence across market segments, expanding engagement with existing accounts, and reaching the depths of the unvended space.

All-in-all, McKinsey & Company says that security vendors have at least $2 trillion in available business opportunity.

More insights, innovation and trends

• Overall, organizations have experienced below-target adoption of cyber security products and services, indicating that CISOs’ priorities are often, although not always, underfunded.
• In the next few years, key points of discussion within organizations will be: Managed security services, pricing mechanisms, cloud technologies and artificial intelligence.
• Each of the aforementioned areas presents a wave of new opportunities for cyber security vendors.

In-depth analysis: SMB security

Over the last few years, particularly amidst the coronavirus pandemic, smaller organizations have seen the expansion of their digital footprints and greater ecosystem inter-connectivity.

Malware and ransomware are also heavily affecting small-to-medium-sized businesses (SMBs). Seventy-five percent of SMBs say that they would be able to survive for only three to seven days following a ransomware attack.

And among mid-market entities, limited internal resources and abilities to pay for ever competitive and elusive cyber security talent can leave organizations particularly susceptible to cyber attacks.

In general, SMBs anticipate expanding their use of endpoint detection and response (EDR) tooling to single panes of glass that ingest and monitor cloud environments. They also anticipate greater reliance on managed service partners (MSPs).

Managed services demand (and opportunity)

Over the next three years, demand for full-service cyber security offerings is expected to increase by as much as 10% annually. Cyber security providers may thus wish to develop bundled offerings that capitalize on common, related use cases. The focus will need to be on outcomes, as opposed to precise services or technologies.

McKinsey & Company suggests that vendors might consider adopting co-creative models with external managed service providers (MSPs) in order to build workbench solutions. Ultimately, the more robust service layer would create greater runway with which vendors could master product market fit.

In the not-too-distant future, winning companies will develop relationships with SMB-focused channel partners and optimize corresponding marketing. In some cases, it may make sense to re-platform offerings as lighter-modality SaaS-first solutions. This will make services more palatable to organizations that are deep in the trenches of SaaS transformations.

Additional SMB opportunities (vendors)

For SMBs, many cyber security solutions are mis-priced. Larger firms can pre-pay or purchase in volume to obtain discounts. However, smaller companies don’t have the leverage to be able to engage in strategic pricing negotiations. Customers have started to gravitate towards vendors that apply outcome-based models, or models that allow for easier internal planning, such as per workload.

Additional innovation curves (vendors)

One of the toughest innovation curves for vendors is developing the technology to secure next-gen artificial intelligence products, and offering corresponding managed security services. Experts recommend that vendors concentrate innovation around areas such as data source integration and neural/logic engines.

Further information for you

In short, the number of cyber attacks and regulatory pressure on companies will mean that the cyber security market will push to research, develop and sell new solutions and services offerings.

For more insights into how both SMBs and security vendors can embrace innovation and create more market-friendly businesses, see this McKinsey & Company article.

Lastly, don’t miss registration for the most important cyber security event of the year; CPX 360 2023. Register here.