Table of contents
Key takeaways
The European cybersecurity industry comprises businesses that provide technology and services to detect and prevent cyberattacks (e.g. malware, phishing, distributed denial of service (DDoS) attacks) against clients’ IT systems. This research covers the entire cybersecurity value chain, which we segment into software development, advisory & testing, managed services and distribution.
The cybersecurity market faces ever-increasing demand on the back of business digitalisation, ever-increasing volume and sophistication of cyberattacks, increasing IT complexity and stringent data protection regulations. At the same time, the market remains fairly fragmented across each of the identified segments, due to a steady inflow of new and well-funded market entrants. Executives interviewed by Gain.pro list generalist IT giants and telecom operators among the main consolidators, integrating cybersecurity into their core offering.
Investor-led activity has been significant across Europe. The main drivers for this include the industry’s favourable growth outlook, recurring revenue streams and its mission-critical nature, resulting in highly resilient demand. Besides typical VC and growth investments, the most common strategies for financial sponsors entail a buy-and-build strategy to expand the offering and geographic footprint as well as the technical expertise of platform investments.
With regards to ESG, cybersecurity businesses play a crucial role in shielding individuals, businesses and governments from harmful attacks. As damages from cybercrime will grow at a CAGR of ~13% until 2025, these businesses play a vital role in containing the damage to society. On the social front, ESG leaders focus on security awareness of their clients, as well as the broader public, as the clear majority of cyberincidents can be traced back to human error.
Company benchmarking
Market growth
The global cybersecurity market was valued at $173bn in 2020 and is projected to reach $270bn by 2026, exhibiting a CAGR of 7.7% (Forbes, April 2020)
Statista (March 2022) forecasts the European cybersecurity market to grow at a CAGR of 9.2% per year, from $32.2bn in 2020 to $55.2bn in 2026
The European cybersecurity services market is expected to grow from $17.2bn in 2020 to $32.2bn in 2026 at a CAGR of 11.0% (Statista, March 2022)
Positive drivers
Increasing complexity of digital infrastructure increases the risks of malicious activities. Demand for end-to-end system protection is expected to increase as the number of endpoints exposed to cybercrime grows. Endpoint growth in turn is largely driven by the convergence of IT and operational technology (e.g. IoT) and the use of outsourced cloud services (CBI, November 2021)
Accelerated digitalisation forces businesses to adapt to new environments. On the one hand, e-commerce growth triggered by COVID-19 was followed by a 350% increase in fraudulent orders (Business Wire, November 2021). On the other hand, remote working weakened e-security enforcement and boosted the use of unprotected mobile devices (Verizon, 2021). These novel risks necessitate the adoption of new software products and managed security services (CBI, November 2021)
Stringent EU cybersecurity regulations expand the addressable markets. The GDPR and the Network and Information Systems Directive (NIS) increased the minimum standards of data and infrastructure protection for businesses (European Council, March 2022). We believe that the increasing enforcement of such regulations (TechTarget, December 2021) will drive the demand from businesses previously hesitant to invest in cybersecurity measures
Negative drivers
The global shortage of cybersecurity talent will hamper the short- to medium-term growth potential. In 2021, the global gap for cybersecurity jobs was projected to reach 3.5m (InTechOpen, March 2021). This disproportionately affects smaller players, unable to match the human capital expenditure of larger peers
Disintermediation risk as security offerings are increasingly built into larger IT & telecom systems. As tech giants (e.g. Google’s Chronicle Security) and telecom businesses (e.g. Orange Cyberdefense) can seamlessly fuse cybersecurity with their core services, non-integrated providers might be unable to compete in the long run (interview by Gain.pro)
Cybersecurity investments by SMEs are tied to government subsidies and the broader economic landscape. For instance, IT auditors reported that smaller Dutch enterprises often lack the capital to invest in costly cybersecurity systems (Het Financieele Dagblad, April 2018)
Read the full report on Gain.pro
Cybersecurity industry industry.
With the full report, you have access to…
Detailed assessments of the market outlook
Insights from c-suite industry executives
A clear overview of all active investors in the industry
An in-depth look into 121 private companies, incl. financials, ownership details and more.
A view on all 445 deals in the industry
ESG assessments with highlighted ESG outperformers
And much more!
