Managed security services are filling the gaps in a growing cybersecurity market, providing opportunities for MSSPs where orgs cannot keep up with legislative changes, the rising threat from bad actors, and the shifting nature of work.
In Global Data's recent report, it found the Aussie market was set to grow at a compound annual growth rate (CAGR) of 6.7 percent to 2025, reaching $4.7 billion (US$3.5 billion), with managed security services accounting for the lion’s share of the market spend.
While large enterprises will account for the majority of this spend, the SMB market will see faster growth, the analyst firm said.
While finding cyber talent is difficult for even the largest company at the moment, it is SMBs who are most vulnerable, Sydney MSSP StickmanCyber’s founder and chief executive Ajay Unni told CRN.
“Small to medium businesses can't afford to buy tools and run it themselves,” Unni said.
“Even if they do buy the tools, who's going to do their compliance governance risk assessments? Who's going to make sense of the tools and the reports that the tools spit out and what actions need to be taken? There needs to be somebody to guide them through that process.”
GlobalData’s research shows that managed services growth will be driven by identity and access management, endpoint security platforms, and security intelligence and management solutions.
Unni pointed out that these trends are likely for larger enterprises, as many smaller companies are still “gearing up to get to that basic hygiene level security” before moving into the higher level of cyber.
Both Unni and the CMO of security specialist providers Sekuro Nick Flude said they are seeing endpoint detection and response as a particularly strong area of growth.
While much of the market growth is coming in response to the increase in attacks, GlobalData also noted the changing legislation that is driving cybersecurity uptake across the market, particularly ‘The Security of Critical Infrastructure Act 2018’ and its proposed amendment ‘Security Legislation Amendment (Critical Infrastructure) Bill 2021’.
Flude said that this kind of legislation does make the role of the cybersecurity provider easier as it “raises awareness across the entire industry and the entire organisation and that awareness increases education.”
However, Unni points out that the growing “laundry list of security standards” that trickles down from the larger companies to the SMBs who work with them can put further strain on the smaller companies.
However, he said, this does open up opportunities for companies that can offer testing against standards as part of what he calls the cybersecurity consulting-as-a-service.
The transition to remote and hybrid work is another area that is driving the uptake of a huge range of security solutions, GlobalData technology analyst Saurabh Daga said in a statement.
“The demand for security solutions that can protect enterprise IT infrastructure against security threats that may arise from mobile devices and networks used in remote working environments will grow in the short to medium period,” Daga said.
Flude said that the challenge is in the “standardising of the employees operating environment. At home is no longer inside the security perimeter and controls of the organisation, so how do you enforce the end to end policies and controls in a home environment?”
“We are at a crossroads where modern business is digital business – and digital business has to be secure business. Security has to be embedded and not be an impediment.”