Information technology provides an endless wellspring of innovation and societal benefits that are at once increasingly dazzling yet in many ways uncontrollable. Surging worldwide cybercrime, intellectual property theft and sophisticated warfare-driven cyber operations have spawned a global cybersecurity industry driven by the imperative for responsive reinvention to survive.
In this environment of cyber threat act-counteract, the cybersecurity industry find itself endlessly behind the wave. The struggle is that of stretching to catch up, or perhaps dreaming of somehow leapfrogging existing attack technologies to beat the assailants at their own game.
This cycle of technological change is further complicated by the converging forces of cloud computing, big data, the shift to mobile platforms and the looming arrival of the so-named “Internet of Things,” each bringing its own unique accompaniments of cybersecurity challenges.
The continuing waves of 2014 cybersecurity breaches and the firing of the Target CEO ignited yet another powerful force: paranoia. “The Target firing was a watershed moment,” says Ted Schlein, founder/CEO of security company Fortify Software, which was aquired by HP. “Now, boards are asking their CEOs, How secure are we?” Company leaders are thus driven to demand answers, placing pressure on not only their CIO but their systems, network and security suppliers.
In this environment, those established suppliers which thrive by riding the crest of their legacy offerings run the risk of losing market share and slowing their earnings momentum. What was once high technology becomes low technology; the once-innovative becomes commonplace. New players, flush with their own “new” technology, ascend the stage, their offerings threatening to push many who came earlier to the game into a race to survive.
Recent announcements from established cybersecurity players of their plans to diversify, spin off businesses, and otherwise attempt to rearrange the pieces of their businesses in an attempt to disrupt their impending spiral to lessened relevance thus come as no surprise.
Symptomatic of this shift is virus protection firm Symantec’s plans to spin its security business into a separate company. According to announcements, the split will enable the company to focus more effectively as it shifts emphasis from virus protection to areas such as advanced persistent threats.
Symantec's VP of Information Security, Brian Dye, may have neatly summed up the company’s straits in a recent Wall Street Journal interview when he characterized it anti-virus business as “dead.” The halo over this legacy product line - more than fifty percent of Symantec’s revenues - has dissipated, a victim of more sophisticated threats and newer cyber defense technologies.
A move in another direction - that of building on existing strengths - is exemplified by Cisco”s coninuting push to bulk up its cybersecurity business through acquisition of ThreatGRID. Cisco reportedly sees the addition as a means to strengthen its security strategy by combining with the technology capabilities of Sourcefire, which it acquired in 2013.
A bountiful source of innovative new products for mature security providers lies in the hunting ground of promising newer firms. According to Venture Capital Dispatch, cybersecurity venture funding is booming: “In the first half of this year, venture capital firms put nearly $900 million into U.S. cybersecurity startups, nearly matching all of last year’s total dollars invested, and the sector was on pace to easily post the best mark in a decade”
These young creative laboratories of innovation are leading the search for the key to open the door to that as-yet conceived new generation of cyber defense technology that will result in a lucrative acquisition or create yet another major firm.
Moreover, increased cybersecurity has become more than a standalone pursuit. Jim Breyer, an early investor in Facebook, believes we are entering a new era of privacy and security. “The next generation of tech start-ups is being designed from the beginning with privacy and security in mind,” he says. “It’s a different mindset from the companies we saw being started five or seven years ago.”
Larger security players - whether it be FireEye, Fortinet, Cisco or others - seeking to gain strategic advantage from acquisitions in this new world will thus find strategic acquisition opportunities to fill out their security businesses in good supply.
In addition, applications software and services firms such as IBM, Oracle and SAP will have a hunger for privacy and security as they rush to reposition their offerings in order to stay ahead of the wave and maintain competitive advantage in cloud computing, big data, and mobile markets.
Whether by splitting apart, bulking up, or acquiring talent and products from emerging firms, those firms participating in today’s full-ahead world of cybersecurity will depend on ever-increasing levels of innovation to survive.
A recent Financial Times report sums up the current cybersecurity industry this way: “When the dust settles, a handful of big IT firms is likely to be left standing - while some names with a vaunted past will fade into history.”