While a rapid rise in cybercrime is bad, it can be good for business if you’re a solution provider, a recent study found.
According to a report by Cybersecurity Ventures, the annual costs of fighting cybercrime will grow from $3 trillion in 2015 to $6 trillion by 2021. Those sharply rising costs can take many forms, including data damage, theft of money or intellectual property, fraud, business disruption, forensics and restoration, and reputational harm, the report said.
That's where solution providers can step in to help.
For those able to help companies cope with those costs and protect against future damages, a massive opportunity is knocking on their doors, according to Steve Morgan, founder of Cybersecurity Ventures, a market research firm based in Menlo Park, Calif. "Cybercrime damages and the resulting cybersecurity spending to combat hackers is a major opportunity for VARs," he said.
Solution providers say they're already starting to see more business from the rise in cybercrime in recent years.
“Breaches are terrible, but it’s good for business,” Darren Calman, vice president of business development at Atlanta-based Simeio Solutions, said.
In particular, Calman said the rise in cybercrime is driving awareness to an all-time high with customers, who he said are more willing to open up their checkbooks for security solutions in response to the number of breaches in the news.
Charles Drum, director of privileged account management at Boulder, Colo.-based Integral Partners, agreed, saying that recent incidents, particularly a wave of ransomware attacks on hospitals, have “really shook up our clients.” He said he sees clients more than ever recognizing the value of investing in security technologies.
“That’s a bit of a change. I’ve been in this space for a long time and it was hard to fight for dollars because people didn’t see the value in it … Now, with cybercrime … when the CISO goes to get money, they have the ear of the board,” Drum said.
In particular, both Drum and Calman said customers are looking for services to fully implement purchased security solutions, rather than just purchasing “checkbox” security solutions to meet regulatory compliance needs.
“We’re seeing more of our clients willing to realize the real cost of ownership and invest in getting software and solutions [that are being] used and [are] useful … That’s an upside for us,” Drum said, as services lead to longer-term engagements with clients and more revenue opportunities over time.
Morgan said VARs that don't focus as heavily on security will also face stiff competition from pure-play security advisory and consultancy firms, as well as from managed security service providers.
“CIOs and CISOs are very careful about who they will hand off or outsource any of their security to. That in and of itself is a big cyber risk,” Morgan said.
The challenge for VARs, Morgan said, is keeping up with the rapidly accelerating pace of cybercrime. In addition, VARs that are pivoting to take advantage of the opportunity are faced with a severe labor shortage in cybersecurity, he said, estimated to reach one million unfilled positions in 2016 and 1.5 million by 2019.
“The market is expanding so quickly that some VARs have dropped everything to pursue their cybersecurity offerings … As always for VARs, a capable sales force can be the gating factor when it comes to growing from a niche player to a larger regional, national or international player,” Morgan said.
While Calman's business also feels the pressure to find talent within a constricted workforce, he said managed security service providers like Simeio Solutions are well-positioned to take advantage of the opportunity. He said customers don’t have the resources in house to handle the growing security threats, so they're increasingly turning to MSSPs, who specialize in the market, for help.
“It’s something they can’t wait on. It’s unfortunate, but it’s good for business,” Calman said.