RSA Conference: Mammon and malware

by Brenon Daly


Ahead of next week’s RSA Conference, information security (infosec) companies are mastering their marketing and perfecting their pitches as they look to capitalize on the industry’s largest annual get-together. More than 650 companies will officially exhibit their security products and services, with probably at least that many vendors unofficially hawking their wares around the San Francisco-based conference. What’s drawing all of the interest in infosec?

The short answer is money. Or more specifically, the budget dollars that businesses allocate to secure themselves. Even in a time when overall IT is often being asked to ‘do more with less,’ IT folks are being given more for infosec. A lot more. That unprecedented growth is rapidly – and unalterably – reshaping the multibillion-dollar industry.

In a recent survey by 451 Research, Voice of the Enterprise: Information Security, Budgets and Outlook, nearly nine of 10 IT buyers and users told us their infosec budget was fatter for the coming year than it was in the previous year. That was 10 times the percentage of IT professionals who said they have fewer dollars to spend in the coming year.

And when the respondents to our survey say they have more money to spend, they are talking real dollars. On average, they indicated that their infosec budgets would be 22% higher in 2019 than in 2018. Compare that with broader IT budgets that basically track the US GDP growth of a low-single-digit-percentage increase.

Of course, more money means more hands reaching for it. In infosec, we see that in the ever-increasing number of infosec-focused startups as well as the ever-increasing number of established vendors buying their way into one of the last growth markets for IT spending.

We have already looked at how the growth in VC funding has distorted infosec, with freely flowing venture dollars leading to an overpopulated ecosystem. Our Darwinian take on the market, which we published ahead of the 2016 RSA Conference, is arguably even more relevant today. In the intervening four years, venture firms have poured billions of dollars into infosec startups.

In addition to those freshly formed and richly capitalized startups, existing vendors have also recast their strategies so they can pursue the growth in infosec. Typically, this means a combination of buying and building. Large-cap companies such as Cisco and IBM have both built infosec divisions that measure revenue in the billions of dollars through a series of acquisitions coupled with in-house development: 451 Research’s M&A KnowledgeBase shows the two giants have spent $11.5bn on nearly 40 infosec purchases since 2002.

As to what will dominate the talk on the RSA Conference show floor and at the cocktail events that follow, our infosec analyst team has some thoughts on the trends that are shaping the industry expansion as well as acquisition activity. See our recently published 2020 Tech M&A Outlook: Information Security to get a glimpse of the deals that are likely to get done after the conference packs up and heads out of town.

Figure 1: Infosec spending
Source: 451 Research’s Voice of the Enterprise: Information Security, Budgets and Outlook