Analyst: Cybersecurity Spending To Hit $1 Trillion Over Next 5 Years, Presents Opportunity 'Ripe For VARs'

If you thought the cybersecurity opportunity for the channel was big now, it’s about to get even bigger.

According to a recent report by Cybersecurity Ventures, worldwide spending on security products and services will hit $1 trillion during the five-year period between 2017 and 2021, a market that founder Steve Morgan said presents a big opportunity for solution providers.

"The cybersecurity space is ripe for VARs," Morgan told CRN in an email. "Corporations of all sizes and governments globally are turning to security outsourcers for help. VARs with deep domain experience in cybersecurity are few and far between, and in high demand for their consulting and advisory services," he said.

[Related: The 10 Coolest Security Startups Of 2016 (So Far)]

That opportunity is particularly large for partners, he said, due to the sheer size of the market, a "severe labor shortage" in security that can be solved for many companies through outsourcing, and a strong demand for managed security services with robust security operations centers.

The report comes after a few months of talk of a "security slowdown," with some major vendor executives and analysts predicting a slower year for security spending in 2016.

Matt Johnson, CEO at Baltimore-based Phalanx Secure Solutions, said he has seen that slowdown in his own solution provider business, citing the election as a possible reason for hesitation. But Johnson expects the tides to turn drastically in the months to come.

"I do see spending going back up," Johnson said, citing particular needs for network intrusion prevention and some endpoint security technologies.

The spending predicted by Cybersecurity Ventures amounts to a rise of around 12 percent to 15 percent year over year, above the 8 percent to 10 percent year-over-year growth predicted by other analyst firms, the research firm said. Morgan said the market is wider than many analyst firms give it credit for, extending beyond "IT Security" (including PCs, servers, laptops, notebooks, and mobile device protections) to include protecting all connected devices, including IoT, aviation, mobile and critical infrastructure. The report also included security services, consulting and more.

"The traditional categories are being overhauled ... Emerging technologies are a little different and don’t give IT buyers the same time to plan. New devices are being thrust upon them – and they are figuring it out as they go," Morgan said, citing the shift from firewalls to next-generation firewalls as an example.

The report also cited a hesitation among enterprises to report increased security spending following an incident as a reason for underreported security spending. However, the report did cite examples of some enterprises touting their increased security spending, including J.P Morgan doubling down on security from $250 million to $500 million, Bank of America announcing an "unlimited" security budget, and the U.S. government announcing a $19 billion budget for security spending in 2017.

Morgan said he sees enterprises investing particularly in cloud security, IoT security and BYOD (Bring Your Own Device) as they respond to increasing trends in the workplace. He said CIOs and chief information security officers (CISOs)with the budget available are looking to invest proactively in security, rather than reactively.

"Any CIO or CISO who has the budget is going to be proactive," Morgan said. "Cyberattacks are no longer speculative. They occur every day, and they are wreaking havoc on businesses globally ... The percentage of companies in a reactive cyber-spending mode is dwindling, especially within Fortune 500 and Global 2000 organizations."

With a drastic increase in cybercrimes, which were estimated to have cost businesses between $400 billion and $500 billion in 2015, this trend is not likely to slow down any time soon, the report said. Some estimates put 2016 cybercrime costs between $2 trillion and $3 trillion.

"This is a sign of the times, and there's no end in sight. Incremental increases in cybersecurity spending are not enough. We expect businesses of all sizes and types, and governments globally, to double down on cyber protection," Morgan said in the report.