Sivarama Krishnan, Leader-Cyber Security, PwC India
With time, the definition of cyber security has evolved significantly,keepingpace with the changing nature of threats - from the basic "virus protection" days in the early 90s, to network security in the 2000s to its evolution today, spanning across the information environment, aiming to protect systems (software, hardware, and embedded), infrastructure, and information in all forms.
Currently, the cyber security market is estimated at ~USD 80 bn. by various analysts, and is expected to grow to USD 120 bn. over the next 5 years. Products (software and hardware) account for almost 55 percent of the market, the rest being accounted for by services. Within products, the market is divided into a number of sub-segments (comprising both software and hardware) including network security, end-point security, identity and access management, and security monitoring, amongst others. On the services side, there are four major sub-segments, which are security consulting, managed security services (MSS), security implementation services and education, and training and certification services. Over the past year, PwC, which provided mostly security consulting services, has ventured into security implementation services and MSS, owing to the high growth rates of these market segments.
Cyber security is a field deeply influenced by technology trends such as digitization, the rise of fintech, "connected" cars and homes, and wearables, and cyber security companies continuously develop new solutions to address threats arising from these trends. From the supply point of view, this has led to the proliferation of numerous cutting-edge cyber security products from security information and event management (SIEM), e-discovery, privileged identity management, behavioral analytics, next-generation firewalls, and UTMs, amongst others. Further, solutions have also been developed to secure specific sectors and address specific threats, such as end-to-end solutions for SCADA systems in oil and gas, connected cars, smart cities, etc. Regulations and compliance are major drivers for the industry as most critical infrastructure sectors are highly regulated.
In services, MSS is expected to drive growth, primarily through the SME segment. The segment is adopting newer technologies such as BYOD and cloud-based services, and is facing an ever-increasing number of cyber-attacks. The MSS model makes security more affordable as compared to a full, on-premise model, giving an impetus to adoption by SMEs.
The market is driven by intense M&A activity, which is seen by larger, mature companies as a means to acquire new talent and technology and expand product portfolios and market presence. Take the case of the UTM market - Dell's UTM products mostly focused on large enterprises; however, its acquisition of Sonicwall helped it strengthen its sales channels and address small and medium businesses effectively.
In India, as it is globally, the financial services sector leads spending on cyber security. The sector is highly regulated, owing to the sensitivity of data handled and the consequences of a potential breach. PwC's recent thought leadership on RBI's circular on cyber security discussed the regulator's mandate on the subject in detail. After financial services, technology, telecom, and government are also major spenders, although in most countries a large part of the government's spend on cyber security is classified as it has direct link with national security.
Cyber security is continuously evolving and recent, high-profile breaches have brought increased global attention to the field. Through the years, we have noticed that even at clients, the board and CXOs are increasingly getting involved in understanding their organization's risk profile and taking mitigating measures. This interest has been in the favor of CIOs and CISOs, who now have larger budgets to operate in. I anticipate that this interest will continue to grow and continue to push the industry's growth.