Cyberattacks are proliferating, causing trillions of dollars of damage every year. The cybersecurity industry has a chance to step up and seize the opportunity.
As the digital economy grows, digital crime grows with it. Soaring numbers of online and mobile interactions are creating millions of attack opportunities. Many lead to data breaches that threaten both people and businesses. At the current rate of growth, damage from cyberattacks will amount to about $10.5 trillion annually by 2025—a 300 percent increase from 2015 levels.1
In the face of this cyber onslaught, organizations around the world spent around $150 billion in 2021 on cybersecurity, growing by 12.4 percent annually.2 However, set against the scale of the problem, even this “security awakening” is probably insufficient. A survey of 4,000 midsized companies suggests that threat volumes will almost double from 2021 to 2022.3 According to the survey, nearly 80 percent of the observed threat groups operating in 2021, and more than 40 percent of the observed malware, had never been seen previously. These dynamics point to a nearly $2 trillion addressable market opportunity—ten to 15 times the total level of spending today (Exhibit 1).
The underpenetration of cybersecurity products and services is, on the face of it, the result of the below-target adoption of cybersecurity products and services by organizations—which suggests that the budgets of many if not most chief information security officers (CISOs) are underfunded. Cybersecurity providers must meet the challenge by modernizing their capabilities and rethinking their go-to-market strategies.
To maximize the opportunity, providers must get a grip on the factors shaping the market, the segments most likely to grow, and the services customers need. Here we set out four areas likely to be the focus of such discussions: cloud technologies, pricing mechanisms, artificial intelligence, and (particularly in the midmarket) managed services. With strategic planning in these areas, and a robust approach to implementation, cybersecurity providers can make themselves more competitive and get a slice of the $2 trillion pie.