As governments prioritise cybersecurity and fatten budgets, defence firms are securing their position in the market.
The need for more and better cybersecurity is undeniable, in both the private and public sectors. Accordingly, growth in the military and civil cybersecurity market has been impressive: It expanded from $3.5 billion in 2004 to $120 billion in 2017. Research firm Cybersecurity Ventures estimates that the cybersecurity market will continue to grow by 12-15% annually for the next three years. This is double the growth rate of global defence-equipment budgets.
For most of its existence, the cybersecurity market has been dominated by technology companies; however, as more governments come to see cybersecurity as a matter of national security, defence companies are stepping up efforts to secure their share of the market. IHS Markit estimates that global military budgets will reach a new post-cold war high this year. Defence departments, particularly in the U.S. and U.K., are looking at allocating much more to cybersecurity.
Historically the defence industry has had a vacillating relationship with cybersecurity. Defence firms have been fending off cyber-attacks against their own interests since the dawn of the internet, but only started selling cybersecurity services about a decade ago. Adapting to a market with much shorter procurement cycles posed some difficulty. And with thousands of firms selling cybersecurity services, the market’s competitiveness was a challenge. In the software development arena, defence firms were outgunned by tech firms. Many, including Boeing and General Dynamics, pulled out of the cybersecurity market, lured by robust demand for conventional weapons.
Changes in the market are now making cybersecurity more attractive to the defence industry. Not only is demand on the rise overall, but it is rising in areas where defence firms have advantages, such as threat identification and damage control. And, according to The Economist, “It is also becoming easier for them to leverage their historical expertise in military intelligence”, now that governments and companies are subject to similar kinds of attacks.
In the past few years, big defence companies have increased investment in cybersecurity. In April General Dynamics acquired cybersecurity specialist CSRA for $9.7 billion, forming General Dynamics Information Technology-CSRA, to provide IT services to the U.S. government. Lockheed Martin, which was hit with a data breach itself in 2011, has invested in various security startups, such as Cybereason.
While the market is ripe at the moment, there is some trepidation regarding the longer term. Defence giants are concerned about the expiration of a two-year budget boost in America in 2020, and how it will affect demand. Investment could spike in the short term, however, so that defence companies with deep pockets can diversify into cybersecurity while the “sun is shining”, says Frank Ford of Bain & Company.