the u.s. cybersecurity market - business sweden€¦ · target, sony and anthem have cost ......
TRANSCRIPT
CONFIDENTIAL
FOR INTERNAL USE WITHIN CLIENT COMPANY ONLY
THE U.S. CYBERSECURITY
MARKET
Business Sweden in the USA
March 2015
Introduction
U.S. Cybersecurity Market Overview
BUSINESS SWEDEN 7 AUGUST, 2015 2
AGENDA
Operations in Sweden
Headquarters in Stockholm
Regional Export Advisors across Sweden
Trade Commissioners and Managers regularly visit
different parts of Sweden
Operations Abroad
Nearly 400 employees in over 50 countries
Through our partner network we cover more than 100
countries worldwide
Business Sweden USA
Operational since 1949
Offices in Chicago, New York and San Francisco
Nearly 20 local and Swedish employees
7 AUGUST, 2015 BUSINESS SWEDEN 3
BUSINESS SWEDEN MAKES IT EASIER FOR SWEDISH
COMPANIES TO GROW INTERNATIONALLY
BUSINESS SWEDEN AIMS TO BE THE PRIMARY CONSULTING PARTNER FOR SWEDISH FIRMS DOING BUSINESS IN THE U.S.
ESTABLISH PRESENCE
CHOOSE STRATEGY
EXAMINE OPPORTUNITIES
Step 2
Step 3
Step 1
DEVELOP BUSINESS Step 4
BUSINESS SWEDEN 7 AUGUST, 2015 4
THE UNITED STATES, IN BRIEF
SOURCES: CIA WORLD FACTBOOK, STATISTICS SWEDEN
Area: 9.8 million square kilometers – almost 22 times the size of Sweden
Population: 319 million people
Government: Constitution-based federal republic with a strong democratic tradition
Head of government: President Barack Obama
Legislature: U.S. Congress, comprised of Senate (upper house) and House of Representatives
(lower house)
Languages spoken: English (82.1%), Spanish (10.7%), other European languages (3.8%), Asian or
Pacific Island languages (2.7%), other languages (0.7%)
Currency: U.S. Dollar, $
GDP per capita: $52,800*
Inflation rate: 1.5%*
Main exports and imports: Agricultural products, industrial supplies, capital goods, consumer goods
Swedish exports to the U.S. in 2013: 68 billion SEK
Swedish imports from the U.S. in 2013: 28 billion SEK
*2013 ESTIMATED AVERAGES
BUSINESS SWEDEN 7 AUGUST, 2015 5
CYBERSECURITY (CS) INCLUDES VARIOUS SOLUTIONS
THAT ARE ADAPTED TO DIFFERENT SECTORS
SOURCE: DOD, CATAPULT CONSULTANTS, CSC
Cybersecurity: security applied to computing devices such as computers and smartphones, as well as
computer networks such as private and public networks, including the whole Internet
Example industries and applicable solutions and strategies
Healthcare
Incident response
Technology development,
research & standards
integration
Cybersecurity policy and
strategy development
Physical and CS critical
infrastructure protection
Crisis and risk management
Defense
The Department of Defense's
CS strategy focuses on four
key areas:
Establishing a strong
cyber defense position
Transforming cyber
defense operations
Enhancing cyber
situational awareness
Ensuring survivability
against attacks
Financial Services
Identity management
Compliance
Business continuity
Disaster recovery
Consulting
Access control
Single sign on
VLAN
Email screening
VPN
Policy enforcement
Firewall
Introduction
U.S. Cybersecurity Market Overview
BUSINESS SWEDEN 7 AUGUST, 2015 6
AGENDA
TOTAL CYBERSECURITY SPENDING
BUSD
79
109
66
83
0
20
40
60
80
100
120
2013 2014 2015f 2016f
USA Rest of world
THE U.S. PUBLIC KNOWS CS IS IMPORTANT
7 AUGUST, 2015 BUSINESS SWEDEN 7
THE U.S. CS MARKET LEADS THE WORLD IN OVERALL
SPENDING AND STRONG GROWTH WILL CONTINUE
SOURCE: MARKETSANDMARKETS, PWC, YOUGOV, NASDAQ
HIGH IT SECURITY SPENDING SHOWS INCREASING AWARENESS AND INTEREST IN PREVENTING ATTACKS
High profile
security
breaches
Public
Interest
Hacks on large companies like
Target, Sony and Anthem have cost
revenue and public trust
7% of U.S. organizations lost 1
MUSD or more from cybercrime in
2013, compared to 3% globally
Increased
dependency
on IT
All sectors rely on IT systems to
relay sensitive information
E-commerce is a vital platform for
billions of dollars worth of
transactions each year in the U.S.
68% of Americans believe that
cybersecurity is very important
There is a trend of government CS
spending and regulations
increasing
COST OF CYBER CRIME BY INDUSTRY
MUSD, 2014
INDUSTRIES ARE NOW FOCUSING ON CS
Cybercriminals target utility and energy organizations in
the U.S. due to their potential to disrupt the economy
and their weak defenses
Financial services organizations are often targeted by
hackers with financial motivations
69% of U.S. executives are worried that cyber-threats
will affect growth
75% of Chief Information Officers feel that CS was a
top priority and that their companies would increase
spending to support the initiatives
Healthcare devotes the largest share of its IT budget
to CS at 5.6%, financial services spends 5.5% and
retail spends only 4% of its IT budget on cybersecurity
In 2014, financial services organizations invested an
average of 2,500 USD per employee in CS compared
to retail organizations investing 400 USD per employee
7 AUGUST, 2015 BUSINESS SWEDEN 8
CYBERSECURITY IS A GROWING PRIORITY IN THE
PRIVATE SECTOR ACROSS INDUSTRIES
SOURCE: PONEMON INSTITUTE; HEWLETT-PACKARD (HP ENTERPRISE SECURITY), PWC, TELECOM INDUSTRY ASSOCIATION, PIPER JAFFRAY, INFORMATION WEEK, WALL STREET JOURNAL
U.S. COMPANIES RECOGNIZE THE IMPORTANCE OF CS AND HAVE INCREASED THEIR CS IT BUDGETS
0
5
10
15
20
25
30
BUSINESS SWEDEN 7 AUGUST, 2015 9
PUBLIC AND PRIVATE AGENCIES ARE IMPLEMENTING
CS STANDARDS TO BENEFIT CONSUMERS
SOURCE: DELL SAFEWORKS, OF DIGITAL INTEREST, CALIFORNIA LEGISLATIVE INFORMATION, U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES
The Security Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE)
implemented its Cybersecurity Initiative in April 2014 to assess and encourage cyber security
preparedness at financial institutions
The OCIE Cyber Initiative was in response to recent cyberattacks on financial institutions
OCIE Cyber
Security
Initiative
NEW CS REGULATIONS REQUIRE KEY SECTORS TO UPGRADE CYBERSECURITY TO BE IN COMPLIANCE
The Health Insurance Portability and Accountability Act (HIPAA) requires most types of medical
businesses to encrypt stored or transmitted health information if “reasonable and appropriate”
Many states, including California and New Jersey, have recently added extra requirements to
safeguard patient data, often in response to attacks, like that on Anthem Health Insurance
HIPAA and state legislatures have instituted these rules in an attempt to protect confidentiality and
availability of information from evolving cyber attacks
HIPAA
Payment Card Industry (PCI) Compliance Regulations aim to ensure the privacy and
confidentiality of payment card information within an organization that has access to or stores
that data
By preventing ever advancing cyberattacks, payment processing companies can minimize the
costs of lawsuits, fines and decreased customer trust
PCI
Compliance
REGULATORY COMPLIANCE HAS BEEN A MAJOR FACTOR DRIVING CORPORATE SPENDING ON CS IN THE U.S.
CS SPENDING BY U.S. FEDERAL GOVERNMENT
BUSD
0
2
4
6
8
10
12
14
16
2013 2014 2015 2016f
GOVERNMENT SPENDING ON CS IS INCREASING
The Federal government spent 78.8 BUSD on CS
between 2006 and 2013 under the Federal Information
Security Management Act of 2002 (FISMA)
Obama has requested 14 BUSD in the 2016 U.S.
budget for cybersecurity and favors defensive action
A large portion of the funding will go to the
Continuous Diagnostics and Mitigation program,
which secures and monitors networks in real-time for
all civilian agencies
Despite budget cuts to IT that started in 2013 under the
Budget Control Act of 2011, the U.S. government is
committed to increasing CS funding
President Obama has committed to investing in cutting-
edge CS technology under the Comprehensive National
Cybersecurity Initiative
In 2012, at least 42% of states allocated between 1-2%
of their IT budget to cybersecurity
7 AUGUST, 2015 BUSINESS SWEDEN 10
THE U.S. GOVERNMENT IS A MAJOR PURCHASER OF CS
SOLUTIONS
SOURCE: MERATUS, GOVTECH, DELOITTE, AVASECENT, U.S. HOUSE OF REPRESENTATIVES , WHITEHOUSE.GOV
CS SPENDING HAS NOT BEEN HEAVILY AFFECTED BY FEDERAL GOVERNMENT CUTS TO IT BUDGETS
55
208
51
220
392
504
9 24 15 24 33 49
0
100
200
300
400
500
600
2009 2010 2011 2012 2013 2014f
Dollars (MUSD) Deals
Rank Investor
1 Intel Capital
2 Google Ventures
3 Qualcomm Ventures
4 Juniper Networks
5 In-Q-Tel
6 NTT DoCoMo Ventures
6 Siemens Venture Capital
6 T-Venture
CORPORATE CS INVESTMENT AND DEAL VOLUME
7 AUGUST, 2015 BUSINESS SWEDEN 11
INVESTMENTS HAVE INCREASED IN CS COMPANIES,
ESPECIALLY AMONG CORPORATE INVESTORS
SOURCE: CB INSIGHTS
A LARGE NUMBER OF CS INVESTMENT ACTIVITY OCCURS IN CALIFORNIA, A KEY REGION FOR CS SUPPLIERS
MOST ACTIVE U.S. INVESTORS IN CYBERSECURITY
Since 2010, corporate investors have invested more than 1.37 BUSD into CS companies across 140 deals and tend to
favor early to mid stage CS companies
U.S. HQ LOCATIONS OF TOP CYBERSECURITY* FIRMS
FIFTEEN OF THE TOP FIRMS ARE AMERICAN
7 AUGUST, 2015 BUSINESS SWEDEN 12
MAJOR PLAYERS ARE PRIMARILY LARGE U.S.-BASED
ORGANIZATIONS CLUSTERED IN KEY REGIONS
SOURCES: HOOVER’S, VISION GAIN, , FBI INTERNET CRIME COMPLAINT CENTER
Origin Major Supplier in North America
U.S. Raytheon, Symantec, Northrop Grumman, Booz
Allen Hamilton, Computer Sciences, Cisco
Systems, Dell, General Dynamics, IBM, HP,
Intel, L-3 Communications, Leidos, Lockheed
Martin, Palo Alto Networks
Japan Trend Micro
Russia Kaspersky Lab
France Thales Group
Italy Finmeccanica SpA
U.K BAE Systems
THE WORLD’S LARGEST CS PLAYERS TEND TO LOCATE IN SILICON VALLEY AND NEAR THE FEDERAL GOVERNMENT
*MARYLAND HERE INCLUDES WASHINGTON D.C.
State with >20,000 cyber attacks
State with 10,000-20,000 attacks
State with 5,000-10,000 attacks
State with < 5,000 attacks
“We can compete with large players as we are more
focused on our specialty. Our lost contracts are mainly
due to customer’s budget limitations rather than losing to
the CS giants.”
Sales Manager, Swedish CS Provider
CS TECH USED BY U.S. COMPANIES
PERCENTAGE, 2014
0
10
20
30
40
50
60
70
CYBERSECURITY INDUSTRY TRENDS
Companies tend to rely heavily on perimeter controls
(PC) and firewalls because they have been the
traditional defense against hacking attempts
Cyberattacks are evolving quickly, making firewalls
and perimeter controls ineffective and forcing
companies to look for alternatives
In 2013, encryption accounted for 17% of companies’
CS budget. In 2014, encryption spending was
expected to increase to 39% of the CS budget
Access governance tools are in demand as
companies search for ways to secure millions of devices
in their network
CS solutions that offer a wide array of services and can
be easily integrated into existing networks are being
adopted quickly
CIOs and CISOs are often the key decision makers on
these solutions
7 AUGUST, 2015 BUSINESS SWEDEN 13
PC/FIREWALLS IS THE MOST COMMON CS MEASURE,
BUT THERE IS HIGH GROWTH IN ENCRYPTION DEMAND
SOURCE: BUSINESS SWEDEN INTERVIEWS, PONEMON INSTITUTE; HEWLETT-PACKARD (HP ENTERPRISE SECURITY), PRAESCIENT ANALYTICS, THALES SECURITY, CHICAGO TRIBUNE, UNISYS, TECHNAVIO
AS CYBERATTACKS ARE BECOMING MORE ADVANCED, COMPANIES ARE LOOKING FOR A HOLISTIC APPROACH
BUSINESS SWEDEN 7 AUGUST, 2015 14
THERE ARE NO GOVERNMENT REGULATIONS FOR CS
SOLUTIONS, BUT CLIENTS LOOK FOR CERTIFICATIONS
SOURCE: NATIONAL INITIATIVE FOR CYBERSECURITY CAREERS AND STUDIES, NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
CS SUPPLIERS CAN DIFFERENTIATE THEMSELVES IN THE MARKET VIA VOLUNTARY CERTIFICATIONS
“The cybersecurity industry is not regulated, but there are
traditions and customs that companies tend to follow.”
Paul Hoffman, President
Cybersecurity Association
CERT
Certified Wireless Network Professional
Cisco
CompTIA
DRI International
EC-Council
Global Information Assurance Certification (GIAC)
Information Assurance Certification Review Board
International Information
Systems Security Certification Consortium, Inc. (ISC²)
Infotec Pro
ISACA
Learning Tree
McAfee Institute
Mile2
Security University
Organizations offering voluntary
certifications
The U.S. government does not have regulations on CS
products, instead they have regulations on companies
and industries to maintain a certain level of
cybersecurity
The National Institute of Standards and Technology
has some voluntary framework for critical
infrastructure’s CS that may become required in the
future
Many government agencies require high levels of
security clearance which can be very difficult for
foreign employees to obtain
Federal and state government
U.S. LOCATIONS FOR A SAMPLE OF LEADING EUROPEAN CS PLAYERS
BUSINESS SWEDEN 7 AUGUST, 2015 15
MANY EUROPEAN CS LEADERS HAVE COMMITTED TO
THE U.S. MARKET WITH LOCAL SUBSIDIARIES
SOURCE: HOOVER’S, CYBERSECURITY VENTURES, COMPANY WEBSITES, BUSINESS SWEDEN INTERVIEWS
European CS leaders are
increasingly establishing local
sales offices. In some cases, local
development and support are
necessary
Partnerships with local resellers
and implementation companies
are another common strategy
European companies have a
strong presence in a recent list of
the top 500 hottest CS companies
European local presence
AVG Technologies
Codenomicon
Cryptomathic
Secunia
“The U.S. is absolutely a priority market
for us. We are currently prioritizing
certain solutions there through a variety
of partners as an entry strategy.” CEO, Swedish CS Provider
EUROPEAN MARKET LEADERS TEND TO FOCUS THEIR LOCAL OPERATIONS ON SALES AND SUPPORT
Axiomatics
Brainloop
BWise
Napatech
BT
The U.S. CS market leads the world in overall
spending and strong growth will continue. Public
and Private agencies are implementing CS
standards to benefit consumers
Investment has increased in CS companies,
especially among corporate investors
Major players are primarily large U.S.-based
organizations clustered in key regions
PC/Firewalls is the most common CS measure,
but there is high growth in encryption demand
There are no government regulations for CS
solutions, but clients look for certifications
Many European CS leaders have committed to the
U.S. market with local subsidiaries
KEY FINDINGS CONCLUSIONS
7 AUGUST, 2015 BUSINESS SWEDEN 16
THE GROWING US MARKET IS THE WORLD’S LARGEST &
EUROPEAN COMPANIES ARE SEIZING OPPORTUNITIES
U.S. companies recognize the importance of CS and
have increased their CS IT budgets. Regulatory
compliance has been a major factor driving corporate
spending on CS in the U.S.
A large number of CS investment activity occurs in
California, a key region for CS suppliers
The world’s largest CS players have a strong local
market presence in this key market
As Cyberattacks are becoming more advanced,
companies are looking for a holistic approach
CS suppliers can differentiate themselves in the
market via voluntary certifications
European market leaders tend to focus their local
operations on sales and support
BUSINESS SWEDEN 7 AUGUST, 2015 17
BUSINESS SWEDEN CAN SUPPORT ESTABLISHMENT
AND GROWTH ON THE U.S. MARKET
Evaluate if the U.S. is
the right market for
your business
Analyze top market of
interest
Initial U.S. market
analysis
U.S. Market Entry Prepare U.S.
Entry Strategy
Establish Local
Presence
Develop U.S.
Business
How to enter the U.S.
e.g. evaluation of
potential entry routes
Evaluate the U.S.
market potential
Build network through a
meeting program
Establish a presence
swiftly and cost
effectively
Evaluate corp. structure
and create legal entity
Set up business support
and functions
Examine opportunities
to develop and grow
your U.S. business
Analyze the U.S. growth
scenarios
Business Sweden can assist your business with a variety of services
OUR OFFICES IN CHICAGO, NEW YORK AND SAN FRANCISCO CAN PROVIDE RECOMMENDATIONS ON HOW TO START
Business Sweden support can include evaluating the market potential, finding business partners, expert advisors,
coming into contact with policy makers or recruiting your country manager, as well as supporting the establishment of
your local presence
CHICAGO
Business Sweden
150 North Michigan Ave, Suite 1950
Chicago, IL 60601-7550, USA
T +1 312 781 6222
www.business-sweden.se/usa
CONTACT US
BUSINESS SWEDEN IN USA
NEW YORK
Business Sweden
The News Building, 220
E 42nd Street, Suite 409A
New York, NY 10017, USA
T +1 212 507 9001
www.business-sweden.se/usa
SAN FRANCISCO
Business Sweden
100 Montgomery Street, Suite 1780
San Francisco, CA 94104, USA
T +1 415 835 3000
www.business-sweden.se/usa