According to figures released in 2020 by the Department for Digital, Culture, Media and Sport, the UK’s cyber security industry is worth £8.3bn. However, the picture isn’t as cohesive as you might assume – different areas of the cyber security industry are growing at varying rates and world events continue to shape developing trends.
We’ve seen, and will continue to see, UK businesses digitising their processes, including the transfer, storage and processing of important data and communication. But we’re also seeing more frequent and sophisticated cyber-attacks on enterprise systems. The UK IT security sector is continuing to reshape itself to meet these evolving threats and the changing demands of organisations.
Here are five trends to watch in this space:
Trend 1: Proactively adapting to evolving threats
The threat and regulatory environment is evolving rapidly, and organisations are hurrying to adapt to these changes. The pandemic has produced changes in attack methods at the same time regulation has become more complicated and potentially more costly. Security providers, and their customers, have to balance these considerations and develop their solutions to meet this changing environment.
Managed security services are becoming more proactive, offering both offensive and defensive capabilities. We’re seeing more customers looking for providers who will both coordinate their incident response team and carry out the more day-to-day tasks of managed detection and response. We expect to see more cyber security and fusion centres created to expand security operations, using emerging technologies like AI and machine learning to deliver layered security and provide insights.
Trend 2: A focus on user-friendliness
As a result of these changing threats (and more stringent regulations), enterprises will focus on working with tools and services that are easy to understand and use. At the moment, it’s especially important that security service providers offer solutions that can cover both legacy and digital systems in a relatively uncomplicated way. Data loss prevention providers are one of the specialists seeing high demand for ease-of-use solutions from their clients.
Providers offering identity and access management (IAM) and data loss prevention (DLP) will need to support products designed for on-premises use to work in the cloud – which will require significant investment.
Trend 3: Increasing demand for as-a-service
IAM specialists will see an increased demand for IDaaS (identity as a service), as will data loss prevention and managed security services providers. Organisations want to simplify their supplier management and will increasingly demand more performance-based contracts, moving away from traditional SLAs.
For providers, this represents a challenge to cashflow management and the need to continually provide the best performance. Those that fall behind will likely lose out to their competitors. However, at least in the short term, providers may struggle to invest in product and service improvements as they adapt to the change in their cashflow from their move to as-a-service provision. (We’re starting to see this with traditional IAM providers who are losing out to their cloud-native rivals as they grapple with this change.)
Trend 4: Providers bringing new abilities on board to offer comprehensive solutions
There’s likely to be an increase in security providers bringing more specialisms on board to offer a comprehensive package to enterprises that increasingly want software and hardware bundled with long-term service support, allowing them to create efficiencies in both time and money.
For example, the UK technical services market is large and fragmented. While many companies offer services covering system integration, stress testing and training, most don’t have the expertise or capacity to fulfil enterprise-level work. Some operate in a specific region, others specialise in certain sectors, tools or systems.
Organisations and leaders with more experience and expertise in security and systems management realise they need a provider who understands the engineering and integration of a solution is as important as the on-going functionality of the tool. One of the things we’re likely to see is managed security service providers (MSSPs) increasing their share of the IAM market.
Trend 5: Security-focused leadership as clients seek out partners who have comprehensive security in place
UK companies are evaluating the feasibility of hiring and training people to work on strategic security management in-house, either in place of or to supplement outsourcing, but they must take into account just how much expert knowledge these people need. For example, strategic security consultants provide guidance on how to select and manage external security providers and help to analyse enterprise risk-tolerance. They can also help to identify gaps in cyber security programmes.
As cyber-attacks, phishing and ransomware threats continue to rise, the demand for security services will continue to increase. Business leaders are becoming more aware of the need to find risk-balanced security solutions that will keep their shareholders happy.
Maturity and compliance assessments have become regular occurrences as companies seek to document readiness, demonstrate improvements made to their security programmes and ensure they remain compliant with regulations. As these threats continue, we’re finding that a mature security programme is seen as a strong advantage when providers negotiate with potential clients.
The IT security sector is dealing with the challenges of covering both legacy and cloud systems, customers that want to move to an as-a-service model, and (for some) the prospect of having their services absorbed into a more comprehensive managed security service offering. Enterprises want bundled services that offer a layered and end-to-end approach to security, and they’re realising how crucial their security processes will be in the years to come.