Cyber security providers sitting on $2trn market, says Mckinsey

Onome Amuge & Chisom Nwatu

The continuing digitisation of the global economy, ever-increasing numbers of cyberattacks, and regulatory pressure on companies to protect their data have presented cybersecurity providers with a market opportunity worth $2 trillion.

McKinsey & Company, a global management and consulting firm, made the disclosure following a survey of the cyber onslaught affecting the digital economy which is expected to cost global enterprises $10.5 trillion annually by 2025, a 300 percent increase from 2015 levels.

According to the report, Malware such as ransomware have been found to pose an existential threat to small and medium-sized enterprises as well as large enterprises. This has resulted in organizations spending around $150 billion in 2021 on cybersecurity, a 12.4 percent annual increase.

A survey of 4,000 midsized companies also found that threat volumes will almost double from 2021 to 2022, with over 40 percent of the observed malware never been seen previously.

To maximize the opportunity, cybersecurity providers were advised to get a grip on the growing segments shaping the market including cloud technologies, pricing mechanisms and artificial intelligence.

“With strategic planning in these areas, and a robust approach to implementation, cybersecurity providers can make themselves more competitive and get a slice of the $2 trillion pie,” the report stated. 

Gauging the market opportunity, McKinsey surveyed 500 cybersecurity buyers and interviewed 50 market-leading vendors. The combined insights, tracked in its cyber market map, showed that spending on products and services from vendors is set to rise 13 percent annually up to 2025, an uptick from 10 percent growth over the past three to five years.

Current market dynamics further pointed to an increasing number of cybersecurity services spurred by an evolving threat landscape and talent shortages. McKinsey explained that this can be maximised by cybersecurity providers through strategic approaches, including:

Higher levels of customer engagement

Standing at approximately 10 percent penetration of security solutions currently, the report noted that the underpenetration of cybersecurity products and services has resulted in “below-target” adoption of cybersecurity products and services by organizations.

With the current buyer climate expected to create a unique moment in time for innovation in the cybersecurity industry, cybersecurity providers and investors were advised to unlock more impact with customers by better meeting the needs of underserved segments, continuously improving technology, and reducing complexity. They were further encouraged to meet the challenge by modernising their capabilities and rethinking their go-to-market strategies.

Exploitation of cloud migration

According to McKinsey, public-cloud migrations will continue to define enterprise technology strategies for the next several years. As such, providers are encouraged to consider not only accommodating but also specialising in hybrid and multicloud architectures.

The report pointed out that regulation also creates a cloud-related opportunity for providers as highly regulated verticals are migrating to the cloud about four times more quickly than low-regulated verticals are.

“This could help unlock new markets, particularly in highly regulated Europe, and be a key differentiator for multinationals that must navigate complex cross-border data flows, local regulations and data sovereignty, and geopolitical issues that spike cyber and data risk,” it stated. 

Creating a pricing model for the midmarket

The report found that many cyber solutions are mispriced for small businesses compared to large ones. This, it explained, is why larger organisations are able to conveniently pre-pay or buy in bulk to obtain volume discounts, while small and midmarket companies are less able to negotiate for same services.

McKinsey therefore  advised providers to employ consumption-based pricing models such as  per gigabyte. It added that  customers increasingly reward vendors that use outcome-based or more “plannable” pricing models, such as per workload.

Creating better innovations 

McKinsey encouraged providers to enable high-fidelity assisted intelligence that makes human analysts more efficient, be it through leveraging advanced analytics or building tight integrations with other security platforms.

Service providers were advised to focus on next-generation security products by concentrating innovation in areas such as data source integration and neural/logic engines. It added that enhancing and building data source integrations could yield indirect revenue opportunities and widen access to larger ecosystems.

Expanding managed services with a midmarket-friendly solution

According to McKinsey, demand for full-service offerings is set to rise by as much as 10 percent annually over the next three years. Based on the finding, providers were advised to focus on developing bundled offerings centred on delivering favourable outcomes for midmarket players. The report also encouraged vendors to adopt a partnership strategy and, where necessary, invest in building collaborative sales capabilities with their partners.

“A potentially rewarding approach would be to adopt co-creative models with managed-service providers (MSPs) to build workbench solutions. This would require investments in R&D and development tooling that allow MSPs to connect your platform to theirs rather than the other way around,” it said. 

McKinsey explained that creating partnerships will lead to faster implementation and more efficient operations. It added that the resulting improvement in customer outcomes will feed into the performance metrics of providers.

With billions of dollars of revenues set to flow into the cybersecurity market in the next three years, providers are expected to seize the opportunity by optimizing the aforementioned strategies.

McKinsey encouraged cybersecurity providers to  employ productive combinations of product, price, and services tailored to target segments and are flexible enough to scale.

“If the industry can meet these priorities, it can start to create the momentum that will increase its penetration across segments and put the $2 trillion prize in play,” it said.