Cybersecurity, or how to gain clarity in immature markets

Cybersecurity has been a trending topic in the news in recent times. Dutch newspaper Het Financieele Dagblad, focused on business and financial matters, published almost 40 articles on this subject in the month of January 2020 alone. Notable victims of cybercrime in The Netherlands have been the municipality of Zutphen, Medisch Centrum Leeuwarden hospital, GWK Travelex, and of course Maastricht University. The latter of which paid the hackers that infiltrated the institution €200.000 to regain control of its own IT systems.

Even high-profile individuals aren’t safe when it comes to hacking; allegedly the crown-prince of Saudi Arabia sent Jeff Bezos, the founder of Amazon, an infected video to gain access to his data. Meanwhile, according to the Dutch Autoriteit Persoonsgegevens, the number of Dutch data leaks continues to rise, reaching 27.000 in 2019 – a 29% increase on 2018. The number of these incidents associated with hacking, malware, and phishing incidents grew by 25%, to 902.

Given these developments and the risks involved, it is no wonder that cybersecurity is an important topic in boardrooms. Reports show that, globally, 47% of companies find enhancing security the most important aspect of their IT strategy, but also that 87% do not yet have sufficient budgets. This lack of preparedness is no wonder, as it can be hard to understand what cybersecurity is and what it would mean for a company. This seems to be something especially small- and medium-sized firms are struggling with. In a recent study we carried out within this sector, we found companies that believed they were safe because “everything is in the cloud”, major food-processing companies with only 0.5 FTE cybersecurity personnel, and a large number of Information Security Officers uncertain of which products they need to keep their systems safe. Websites of cybersecurity companies do not necessary help either; they use different words to denote the same products, and explanations are often filled with hard to understand technical jargon.

It requires a lot of specialist knowledge to navigate such an opaque environment…

This lack of clarity is not only confined to the specifics of cyberthreats and their solutions. The same can be said about the market itself.

How big is the market for cybersecurity in The Netherlands? A clear question, but not one that can be answered easily. A The Hague Security Delta report from 2017 puts the number somewhere between €0,4 billion and €7,5 billion. A possible proxy to find the real number is the average spending on cybersecurity, as a percentage of IT spending. BCG finds three different numbers: 3.7% (PWC), 5.9% (Gartner), and 10.0% (Forrester). These numbers can’t all be right.

Such as wide range in findings are a clear sign of an immature market.

What about the competitive landscape? There are more than 66.000 IT companies in The Netherlands, 3.600 of which claim to have cybersecurity as their core business. Another 2.500 provide cybersecurity services on top of their other functions (CBS). Such a fast-growing market attracts new entrants, with firms specializing in IT infrastructure moving up the value chain to get a piece of the pie. Specialized cybersecurity companies have to compete with large consultancies, IT companies, and telecoms firms both domestic and foreign. The first signs of consolidation are also visible.

Is it possible to gain some clarity on these developments?

Driven by technological developments and societal change, these questions and the associated lack of clarity can be found in a large number of immature and fast-changing markets: fintech is disrupting banking, electrical and self-driving cars are changing transportation, and the focus on health and sustainability is squeezing FMCG producers in favor of vegan and lactose free alternatives.

How can a company make clear strategic plans with this much insecurity?

By asking the right questions and using the correct methodologies. At Annalise we have been helping our clients with these kinds of issues for more than 35 years. Combining hypotheses, weak signals, desk research and primary research through expert interviews, we offer unique and profound insights. From market sizing and competitor analyses, to researching the needs, perceptions, expectations and drivers of (possible) clients. With our tailor-made approach, we gain the insights that answer your question – and your question only. We then turn these insights into recommendations, so you can respond to the challenges confronting your company, quickly and dynamically.

Rob Lindner | Consultant at Annalise Market Intelligence

As a person driven by a natural curiosity who wishes to fully understand the world, it is my goal to provide our clients with the best Market Intelligence insights for their strategic questions.

Email: RL@annalise.nl | Tel: +31 (0)30 214 8303