Gartner: 10 Biggest Cybersecurity Consulting Companies By Revenue

The Consulting Opportunity

Most solution providers agree: Security presents one of the biggest opportunities for the channel, with research firm Gartner saying the market saw 7.8 percent growth to hit $17.8 billion in 2016. These 10 companies are dominating that market, accounting in total for 63.5 percent of the total security consulting market that year, according to Gartner. Gartner defined security consultancies as "security-specific advisory services designed to help organizations assess, analyze and improve the efficiency of their business operations, IT operations and technology strategies for security and risk management activities." Take a look at the 10 biggest companies in security consulting by revenue, and where they're investing to continue their growth trajectories.

10. BAE Systems

BAE Systems landed the No. 10 spot on the list with $290 million in security consulting revenue. That represents growth of 14.2 percent year over year, up from $254 million in 2015. Arlington, Va.-based BAE Systems held 1.6 percent market share in the security consulting space. The company said in 2016 that it plans to aggressively go after the cybersecurity market, including its Applied Intelligence business. Cybersecurity currently represents approximately 7 percent of overall revenue.

9. Optiv Security

Optiv Security, formed in 2015 through the merger of Accuvant and FishNet Security, has trumpeted a vision to become the biggest stand-alone cybersecurity solution provider. Optiv came in No. 9 overall, although it was the only company on the list 100 percent dedicated to cybersecurity. Optiv reported $373 million in revenue in 2016, up 15.5 percent from $323 million in 2015. The Denver-based company held 2.1 percent of security consulting market share in 2016. Since then, Optiv has been acquired by private equity firm KKR & Co., a deal that closed in February 2017.

8. Hewlett Packard Enterprise

Hewlett Packard Enterprise held onto the No. 8 spot, despite a 3 percent drop in cybersecurity revenue in 2016. The Palo Alto, Calif.-based company reported $388 million in security consulting revenue in 2016, down from $400 million in 2015. HPE accounted for 2.2 percent of the overall market for security consulting in 2016. The company did spin out multiple units in 2016, including its Enterprise Services business, which merged with CSC, and a collection of its software assets, including some security businesses.

7. Booz Allen Hamilton

Booz Allen Hamilton, one of the largest federal contractors, reported $482 million in security consulting revenue in 2016, landing it at the No. 7 spot for the second year in a row. That revenue was up 2.7 percent from $472 million in 2015. The company's push into cybersecurity is part of its effort to reinvent itself into more of a technology company, including big investments in security. Its portfolio now includes a broad range of cybersecurity offerings, including strategy, assessments, program design, solutions architecting, and solutions implementation. Booz Allen Hamilton, McLean, Va., landed a spot in 2016 on the government's $460 million contract for the USCYBERCOM Multiple Award Indefinite Delivery, Indefinite Quantity, under which it will provide a wide range of capabilities and technologies around cybersecurity to the federal government.

6. Accenture

Accenture has been betting big on security, and it's showing in the company's revenue growth. The Dublin, Ireland-based company's revenue jumped 6.2 percent year over year to $601 million in security consulting revenue. The company accounted for 3.4 percent of the overall market share for security consulting. Helping drive that growth was a series of security-focused acquisitions in 2016, including its acquisitions of Defense Point Security, Maglan and Redcore.

5. IBM

While it had relatively flat growth year over year in its cybersecurity consulting business, IBM held onto the No. 5 spot with $731 million in revenue in 2016. That is up 0.6 percent from $726 million in 2015. IBM also was heavily acquisitive in 2016, picking up IRIS Analytics and Resilient Systems to add to its cybersecurity capabilities during the year. The Armonk, N.Y.-based company's overall market share in 2016 was 4.1 percent.


KPMG landed at the No. 4 spot on Gartner's list of top cybersecurity consulting companies by revenue, with $1.95 billion in sales. Those sales were up 6 percent year over year, rising from $1.52 billion the year before. KPMG was also one of many companies on Gartner's list that was acquisitive during the year, picking up Markets IT, an Australian technology consultancy that specializes in financial services and includes capabilities for risk management, among other things. KPMG, Amstelveen, Netherlands, held 9 percent of overall security consulting market share in 2016.

3. PwC

PwC had the highest percentage jump in its security consulting practice in 2016, rising 17.8 percent year over year to $1.95 billion. Driving that, in part, was a number of acquisitions the London-based company made during the year, including that of Outbox Group and Praxism. Holding onto the No. 3 spot, PwC had an overall market share in security consulting of 10.9 percent.

2. EY

EY earned the No. 2 spot on the 2016 list of biggest security consulting businesses with $2.04 billion in security revenue. Those sales represent an 8.2 percent jump year over year, up from $1.88 billion in 2015. EY has been making a considerable investment in its cybersecurity practice, hiring former FireEye CTO Chad Holmes as principal, partner and chief technology, strategy, and innovation officer in March 2016 to lead its cyber practice. The company has continued to expand on that strategy in 2017, including the launch of a $10 million Advanced Cybersecurity Center in Dallas to serve as a home for some of its managed security services analysts, education, and a Cyber Academy. London-based EY held 11.4 percent market share in security consulting in 2016, Gartner said.

1. Deloitte

Landing the No. 1 spot on Gartner's list of largest security consulting practices for the second year in a row was Deloitte. Deloitte had $2.86 billion in cybersecurity consulting sales in 2016, up 14 percent from 2.51 billion in 2015. The company held 16 percent market share in security consulting, Gartner said. New York-based nDeloitte has been actively investing to expand its cybersecurity portfolio, including two acquisitions in 2016 of I-Analysis and Integrity-Paahi Solutions.