How has the security industry’s bottom line been impacted by COVID-19, and what does the economic health of the sector look like post-pandemic? Kathryn Pick explores
The impacts of coronavirus have spread far and wide across the globe, as case numbers broke 80 million towards the end of 2020 and related deaths approached two million.
Whilst the health crisis has been playing out as a traumatic episode in front of our eyes, the economic story has been unravelling alongside it. Sectors as wide ranging as transport through to mining have seen profits fall as demand drops and people face a changing world of work.
However, analysts on both sides of the Atlantic have pointed to a boom in the technology sector as employees resort to working from their homes and businesses look for remote solutions.
So, how has the security industry been affected in this most taxing of times, and what does the economic health of the sector look like as the promise of vaccines gives the world hope for the post-pandemic future?
A Painful Year
It would take a miracle for any industry to have ducked the blow of coronavirus throughout 2020, and information security, despite some claims to the contrary, was no exception. Ruggero Contu, senior research director at Gartner, explains that his firm’s security forecast points to a “significant”, but thankfully not “disastrous” impact on the growth of the security market.
The forecast – updated over the summer to reflect the pandemic – showed there was a decrease in the pre-crisis growth estimates of 9% in 2020 to the reviewed estimate of 4%.
Contu adds: “So, there was still some growth there, albeit not necessarily across all segments, but overall the picture is still positive, with most vendors so far facing slower sales cycles rather than cancellations.”
Tom Rebbeck, research director and partner at Analysys Mason, says the move to working from home did not stop businesses spending on their security, but it did shift the spend away from the more traditional network security appliances towards email and web security, data protection and secure remote access solutions.
Malcolm Locke, chief financial officer of data security firm Egress, adds that many firms in his field saw an initial slowdown around March and April 2020 when potential customers were focusing on getting their businesses set up to work remotely for the foreseeable future.
“They were dealing with immediate blockers to productivity, such as video conferencing, VPN connections and device access,” he says. “If you didn’t provide those solutions or hardware, it was likely you had at least a few deals put on hold.”
Rebbeck agrees, saying “vendors that haven’t adapted well to this shift in the market will have a problem retaining customers.”
“Adoption of security solutions has increased, and many businesses have increased their spend faster than expected”
The Silver Linings
So the start of the pandemic was slow as companies worked out their needs and looked for the right security vendors to provide them. However, unlike some other industries, this did not last, and many cybersecurity solutions became a much needed element of the new world of work.
Rebbeck says: “The pandemic has had a number of positive impacts on the cybersecurity industry. Adoption of security solutions has increased, and many businesses have increased their spend faster than expected as a result of the crisis.”
For Contu, that move to home working offered up many opportunities. He says that while the overall infosec market witnessed a slowing down of its annual growth by about half in 2020, there were segments that continued to grow at the pre-crisis rate despite the pandemic.
They included cloud access security brokers, endpoint protection platforms, privileged access management, secure web gateway and web application firewalls.
“This performance of the security market is sustained by demand relating to new requirements, such as the need to secure remote working activities, but also existing drivers such as the need to secure cloud environments – a need that accelerated during the crisis,” adds Contu.
Locke adds that there were certain positives for his firm and the wider industry brought about by the accelerated digital transformation that was incited by the pandemic. “Many businesses started to focus in on and address the risks individual employees pose to sensitive data – often without meaning to when they’re under pressure to get their jobs done,” he says.
“They started to realize that their employees are more likely to make mistakes when they’re dealing with the various distractions that come with working from home, such as clicking a phishing link or attaching the wrong file.”
There was also a renewed focus on email security, as remote working meant that employees relied on emails more than before.
The 2020 Outbound Email Data Breach Report by Egress found 94% of organizations were sending more emails because of COVID-19, and half of IT leaders reported an increase in email volumes of over 50%.
Locke adds: “For certain areas of cybersecurity, the increased levels of risk meant that new business wasn’t so hard to come by.”
Benefits Post-Pandemic
What is clear is that, whilst the cybersecurity industry took a hit with some of its traditional models being deemed unnecessary as the world moved from office to home, a number of opportunities opened up to refocus efforts and make sure cybersecurity products are suited to the new normal.
So, as we enter 2021, and with vaccines efforts under way, can these ‘perks’ of a pandemic continue to benefit the infosec world?
Rebbeck says the shift to working from home appears to be a permanent one – and one cybersecurity companies can profit from. “Businesses have already signaled that they expect to change their policies post-pandemic and will be more supportive of employees working from home,” he continues.
“From a security perspective, this accelerates existing trends with an emphasis away from securing a location to securing a person and their devices. Spending on mobile security, remote access solutions and cloud security will all increase faster than other areas of security.”
In fact, research from Analysys Mason puts a figure on it, with 14% of small- and medium-sized businesses in the US alone expecting to maintain higher levels of spending on security post-pandemic. Nevertheless, while there are clearly areas for the sector to shine, a new dawn does not blot out all challenges for the industry.
Gartner’s Contu says the businesses looking to buy the solutions from vendors have been hit hard, so will be thinking even more carefully before getting out the checkbook.
“Challenges will be around relatively longer sales cycles, increased pressure to demonstrate return on investments and vertical focus review,” he says.
Rebbeck agrees, saying the economic consequences of the pandemic are only just beginning to be felt. “If you look at the bankruptcy rate for 2020, in many countries it is actually lower than in previous years, but fewer businesses have gone bankrupt than in a normal year, probably because of strong government support in many countries,” he says.
“In 2021, this support will reduce and many businesses will stop trading, or will reduce their operations. Retailers, for example, are already reducing the number of stores they have, and other businesses are questioning whether they need so much office space.
“These changes will inevitably have an impact on spending on cybersecurity products, especially by some sectors of the economy.”
Egress’ Locke says his company is sure to face the knock-on effect of economic downturns in the sectors they service. He also warns that vendors could suffer from a lack of investment from customers and potential customers in 2021, depending on the area of cybersecurity they operate in.
“Unfortunately, some areas of cybersecurity could suffer more than others – particularly those that require long-term investment, or those whose products just aren’t seen as business critical,” he adds.
“I think this will be particularly true for smaller organizations that simply don’t have the funds available to dedicate to longer-term, high-investment projects.”
“For certain areas of cybersecurity, the increased levels of risk meant that new business wasn’t so hard to come by”
The Diagnosis
So, in this most unusual of new years, what is the diagnosis for the future economic health of the cybersecurity industry in this post-pandemic world?
Contu is positive, and says that the prospects are good as security remains a top priority, something that is even more apparent “given the impact of the pandemic with a number of phishing campaigns targeting COVID-19 and new risks arising from new ways to conduct business.”
Rebbeck agrees that the industry is in “relatively good shape” moving forward. “There’s certainly a lot that vendors have done to adapt to the situation,” he says, such as an increase in focus on working with managed service providers, as well as expanding product portfolios and amending products to make themselves more attractive for remote working scenarios.
Also, he says the level of merger and acquisition activity in the market has not changed much compared to previous years, despite what has been going on around us.
However, elements like sales and marketing, or research and development, have become tougher with lockdowns and limits on travel, and while this has yet to show any general negative effects so far, it will be worth keeping an eye on in the coming year.
Rebbeck adds: “For the industry as a whole, increase in interest and spending on security – and the changing nature of security – are all positive trends. However, this doesn’t mean that all security vendors will do well.”
Smaller vendors may struggle in the near future, such as endpoint security companies with low revenue or smaller network security vendors who seem to be losing out to the bigger enterprises. As a result, some consolidation may be needed to strengthen the smaller players.
However, for Locke, the future is bright now the “remote working genie is out the bottle.”
He adds: “Many organizations simply won’t go back to the old way of doing things, and hybrid/flexible working will become a long-term reality for many employers and employees. This presents a big opportunity for the cybersecurity industry – there are a lot of new and different risks involved with hybrid working.
“We almost get twice the level of opportunity as we can help to protect people and infrastructure in office premises, but also provide solutions to ensure that employees can work securely from home and on various remote devices.”
There is also optimism around investment into vendors themselves, as they have emerged relatively unscathed from a global pandemic that has shaken even the sturdiest of sectors. As expected, the cybersecurity industry has fought hard, innovated and found much-needed solutions during COVID-19’s spread.
There is plenty of opportunity ahead as the globe emerges from the clutches of the virus and the future is looking bright, but that same drive to find new solutions during lockdown will need to remain, especially as customers’ budgets tighten, to ensure the health of the industry remains well.