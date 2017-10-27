Introduction

According to Statista, the enterprise security market is going to reach $71B by 2020, almost double the levels achieved in 2015.

(Source: Statista; Revenue from the enterprise security market worldwide from 2013 to 2020, in $B)

Therefore, this space can offer interesting growth opportunities. Earlier this month we wrote about Cisco Systems (NASDAQ: CSCO), arguing that its move into the security market should be met with some caution. We then wrote about Fortinet (NASDAQ: FTNT), a provider of cybersecurity solutions for enterprises, service providers, and government organizations worldwide.

Today we focus on IBM (NYSE:IBM) security. This section has been prepared with the assistance of our contacts within the company.

Market Potential

In our Cisco article, we noted that much of the potential for growth in this segment comes from a global uptick in awareness of the importance of cybersecurity. As our personal and financial data continues its relentless march online, many firms have been publicly found out for a want of protection over these key assets.

(Source: Network World)

Cisco itself released an annual cybersecurity report this year, which noted that 29% of organisations that faced an online security breach lost revenue, with 38% of those losses accounting for more than 20% of those companies' revenue. A quarter of businesses facing breaches cited lost business opportunities, with 42% of them losing more than 20%. Aside from the obvious detrimental effects on operational and finance systems, brand reputation and customer retention can take a lengthy period to recover. Businesses are becoming more aware of this risk every day.

Fortinet's research mirrors these broad trends and offers some insights as to the pace of growth in security spending. It suggests that there is still room to grow as top level decision makers lag behind in realising the importance of cybersecurity. According to their figures, 48% of IT decision makers believe that IT security is still not a top priority discussion for the board, despite recognising that 71% said their IT security budget has increased from the previous year. 77% of the respondents noted that they believed their boards should put IT security under greater scrutiny.

As such, it seems the group of IT decision makers are clashing with their boards to try and bring security spending up to match perceived threat levels. What will help to close this gap in perceptions and remove the disjunct are three key drivers.

First is an Increase in security breaches and global cyberattacks. To quote the research:

In the last two years, 85% of businesses have experienced a security breach, with the most common vector of attack being malware and ransomware for 47% of respondents. 49% of ITDMs said there has been an increased focus on IT security following global cyberattacks, such as WannaCry. The scale and profile of global cyberattacks is bringing security to the attention of the board. Security is no longer just an IT department discussion.

(Source: news.com.au)

Second, increasing regulatory pressure can compel top level executives to act. If major fines are large enough to threaten the bottom line, boards have an imperative to take interest. One clear example of this increasing pressure is the European Union's General Data Protection Regulation due to be implemented in May 2018. This gives power regulators to impose fines up to "4% of the annual worldwide turnover of the preceding financial year in case of an enterprise" which could be devastating for the bottom lines of even large companies. The law would extend EU data protection laws to all foreign companies processing data of EU residents, which goes for just about every global business.

(Source: EIMF)

Third, the transition to the cloud presents new opportunities. 50% of those surveyed in Fortinet's research are planning fresh investment solely into cloud security in the next year. Companies recognise that this changing landscape provides new security challenges and most importantly uncertainty. Money is poised to follow as companies seek to hedge against an uncertain new world.

IBM Security Backgrounder

IBM is executing a unique cybersecurity strategy focused on an immune system-like defense, with cognitive technology at its core, delivered from the IBM cloud. According to the company:

yesterday's "moat & firewall" security is no longer enough, given the rate, pace and sophistication of attacks. Like a human immune system, today's cybersecurity defenses need to find those attacks that will eventually breach a perimeter, quarantine and remediate them (across an organization's data, applications, mobile and endpoint devices).

Non-integrated, point-product security solutions are insufficient (many organizations can use up to 50 security products from 80 vendors). IBM Security offers integrated cognitive detection capabilities across an organization's entire operation.

Why cognitive cybersecurity?

Like other professions and industries, security professionals need to extract insights from volumes of data that are not manageable by people alone. To evaluate the current trend, we asked IBM for some statistics:

For example, on average, companies face 200,000 security events per day Companies average 21,000 hours annually just chasing false positives 80% of the world's data is unstructured - blogs, articles, reports - that is inaccessible by traditional security tools There are an estimated 60,000 security blogs published each month, and 10,000 security reports published each year At the same time, there is a looming security skills shortage, with nearly 2 million jobs projected to be open by 2020 Cognitive technologies can address each of these issues. Watson for Cyber Security, launched earlier in 2017, has been trained to understand and analyze massive amounts of both structured and unstructured security data It has analyzed more than 1M security documents over the last year and is now analyzing an additional 15,000 per day In early usage of Watson for Cyber Security, some clients have detected security breaches 50-times faster than manual security analysis

According to IBM, the immune system concept also reflects how the public and private sector need to collaborate more -- particularly to share data on cyberattacks -- to battle back against highly organized cybercrime, similar to the way the CDC and the WHO collaborate to fight health pandemics. To move along these lines, IBM opened its collection of security threat data - one of the largest in the world at 700 terabytes (a volume equivalent to all data that flows across the internet in two days) - to the public through X-Force Exchange, our cyberthreat portal. The collection includes two decades of malicious cyberattack data from IBM, as well as anonymous threat data from the thousands of organizations for which IBM manages security operations

Finally, just as medical professionals prepare and rehearse for health pandemics, it is also critical that businesses plan and rehearse for potential cyberattacks. First, IBM invested $200M in people, facilities and technology last year to help clients train and rehearse for everything from an employee losing a laptop, to a full-scale cyberattack. Second, IBM's response capabilities range from how to quarantine and remediate an attack, to responding to the broad array of regulatory filings, employee, sales, client and media responses and communication. In security parlance, this set of capabilities is known as "incident response". Third, IBM's incident response resources include the world's first "cyber range" for the commercial sector, located in Boston, where clients use war-game tactics to experience and respond to live cyberattacks in a controlled environment

IBM's Differentiators

We asked IBM what differentiates them from competition. The three main points are:

World-class security experts to help IBM clients. IBM Security has 8,000 SMEs, including researchers who analyze software and the Internet for potential vulnerabilities; incident response teams (IBM X-Force IRIS) who conduct forensics investigations in the wake of an attack; Interim Chief Information Security Officers (CISOs), that help organizations build and deploy security strategies; malware, spam and Dark Web analysts, and ethical hackers.

Cognitive security centers. IBM has invested significantly in new capabilities at its Global network of IBM X-Force Command Security Operations Centers, where IBM deploys Watson for Cyber Security to help protect clients from cyberattacks. The global IBM X-Force Command Centers include physical facilities and a network of 1,400 security professionals working virtually across the world to manage security for IBM clients. IBM's security centers manage 1 trillion security events every month for more than 4,500 clients across 133 countries.

Innovative security technology: Watson for Cyber Security, delivered from the IBM Cloud. The world's number one Security Intelligence tool in QRadar (Gartner); and a full range of other "security as a service" offerings, from identity management to data security.

IBM Security by the Numbers

In 2016, IBM's security business grew 14% (adjusted for currency), outgrowing the security market by 2x. IBM Security is a $2 billion/year business (based on revenue in 2016) IBM Security is the fastest growing vendor in the global security software market based on Gartner's most recent security market analysis. Gartner also calls IBM the 3rd largest security software vendor in the world. The screenshot below shows that in Q3 2017, the security business picked up with growth of 49% year on year. However, this segment is still quite small representing less than 10% of IBM strategic imperatives and approximately 1% of overall revenues. Yet, this growth is impressive and an improvement compared to the 5% in Q2 and 10% in Q1. It would be interesting to see whether IBM can confirm this growth over the next 2/4 quarters.

This study found that the worldwide security software market revenue grew to $21.4 billion in 2014, a 5.3 percent increase from 2013's revenue of $20.3 billion. High-growth areas that contributed to this increase in value include technologies such as security information and event management. This market grew 11% in 2014 to touch $1.6 billion in revenue. IBM is the largest security vendor selling exclusively to enterprises (TBR Enterprise Security Market Forecast, 2015-2020). We tried to find a more recent report but we could not find public statistics.

Conclusion

The cybersecurity market is predicted to experience significant growth in the coming years. The enterprise space is going to be a lucrative one. We have so far covered CISCO and Fortinet. Today we cover IBM. The company is expected to generate approximately $2B/year from the security business. At the moment this represents only 2.5% of overall revenues but, if security revenues can confirm current growth rates, this business will become more significant.

