The cyber security industry is at a crossroads which will likely take several years to play out. It’s a time of new prospects coupled with windows of opportunity closing. Expansion coupled with consolidation. New startups will rise while others will be bought out and perhaps fade away altogether.

The challenges lie within the scope of the industry itself which is facing an increasing number of cyberattacks. As the type and sheer number of cyber threats grow, there is a need to have a set of integrated tools to stop them. The result is a glut on the market. New cyber security companies pop up whenever there is a recurring pattern in attacks against enterprise organizations to solve the subsequent problem. While this is a logical occurrence, businesses forming to fill a need, the sheer number of vendors information officers need to work with has been growing to the point where they need a scorecard just to keep track.

This just adds insult to injury as a multitude of point tools which don’t always talk to each other, also makes it hard to get a complete picture of just how well an organization is protected. Not only is this a strain on the company’s IT departments as they need to piece together the various programs, it’s also a costly proposition.  It has gotten to the point that more and more CISO’s are looking for vendors who can provide multiple cyber security solutions or at the very least, tools that are easily integrated with others.  

This trend has also gotten the attention of the VC’s. Over the past five to ten years, since data security became a hot button topic, it seems that investors were ready to put money on cybersecurity companies addressing niche issues. Now it seems private equity is becoming scarcer for security startups which aim to provide micro-solutions, especially for enterprise organisations. 

Another aspect of this trend is that now, larger cybersecurity firms are in the midst of trying to consolidate their positions as industry leaders. They’re doing so by planning and implementing mergers and acquisitions of smaller, more specialised companies in an effort to make their overall product more appealing and increase market share.  The aforementioned difficulty in raising capital has made M&A’s cheaper and more worthwhile for large cybersecurity firms looking to expand and diversify their product line.

There is another dilemma the industry is facing which might actually be eased if there will be fewer cybersecurity companies – a manpower shortage.  Some market analysts are predicting a shortfall of over three million workers within a matter of two to three years in the US alone. If this is the case, then companies might need to look beyond computer science majors to fill their ranks.

Enterprise corporations have reached critical mass and are much less inclined to choose patchwork security solutions. To ensure their long term survival, cyber security vendors will need to change their paradigm and offer clients as much as a one stop shop as best they can along with a plan on how to transition from a fractured security layout to a new, integrated one. Companies who won’t properly plan for this contingency might find themselves swallowed up or out of business.