Cyberattacks prompt massive security spending surge

May 18, 2017 by Julie Charpentrat
In what experts called an unprecedented mass cyberattack using ransomware, more than 200,000 computers around the world were hacked beginning Friday using a security flaw in Microsoft's Windows XP operating system

The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago.

But even that massive figure looks set to be dwarfed within a few years, experts said, after ransomware crippled computers worldwide in the past week.

The "global market was worth $3.5 billion" in 2004, according to a study by Cyber security research firm CyberSecurity Ventures, but in 2017, "we expect it to be worth more than $120 billion".

In the five years ending in 2021, the firm said it expected worldwide spending on cybersecurity products and services "to eclipse $1 trillion".

"It has clearly been a rapidly increasing market for many years, particularly in the last two or three years," said Gerome Billois, a cyber security expert with consulting firm Wavestone.

Much of the growth will be spurred by massive cyber attacks like the so-called "Wannacry" ransomware that struck targets in dozens of countries, ranging from British hospitals to Russian banks.

In what experts called an unprecedented mass cyberattack using ransomware, more than 200,000 computers around the world were hacked beginning Friday using a security flaw in Microsoft's Windows XP operating system, an older version that was no longer given mainstream tech support by the US giant.

The virus spread quickly because the culprits used a digital code believed to have been developed by the US National Security Agency—and subsequently leaked as part of a document dump, according to the Moscow-based computer security firm Kaspersky Lab.

The attack blocks computers and puts up images on victims' screens demanding payment of $300 (275 euros) in the virtual currency Bitcoin, saying: "Ooops, your files have been encrypted!"

The massive attack has been a boon for cyber security , driving up stock prices of some while others, like six-year-old American start-up Crowdstrike, were able to raise $100 million in one day.

Ransomware: 'key trend'

High-profiles attacks like WannaCry "drive the market," Ilex International president Laurent Gautier told AFP.

Ransomware attacks represent about 22 percent of all global incidents NTT Security, an information security and risk management firm, handles for clients, said Kai Grunwitz, the firm's senior vice president for central Europe.

That number jumps to 56 percent for financial firms.

"So these types of attacks are certainly one of the key trends" driving up spending on computer security systems and tools, Grunwitz said, but "buying more software or hardware products will not fix the problem—awareness, procedures and a strategy aligned with the specific risk profile are key."

"Nevertheless, the global security market has grown in terms of revenue, and we see a very strong potential for additional growth in products but even more in consulting and managed security services over the next few years."

A still nascent industry just 12 to 13 years ago, the market gradually expanded because of the "digitisation of companies and countries" and the increasing online attacks which publicised the rising digital threat, Billois said.

"The growing wave of ransomware in 2014 created an enormous source of business for security research firms" because "companies were made aware of their vulnerabilities," said security expert Jerome Saiz.

Companies were slow to realise they needed to protect themselves since "the return on investment is impossible to determine," Saiz said, "and we cannot know which attacks we survived and how much they cost".

For large companies, putting in place an IT security strategy can cost tens of millions of dollars, he added.

Some like French telecoms firm Orange choose to bring the security in-house. The telecoms giant bought cyber security firm Lexsi last year.

To better respond to the threat from the other side, smaller security firms have banded together to create alliances, like the group of French companies who formed Hexatrust in 2014.

Either way, software security companies like US anti-virus firm Symantec are reaping the benefits. The company "doubled" its share price in one year, said chief security strategist Laurent Heslault.

But the threat from ransomware is hardly the only danger on the horizon.

The hacking of interconnected appliances and other internet-connected things, the theft of personal and financial data, and hackers engaging in online political campaigns will all drive the market in the coming years.

The biggest troubles however will not come from an attack but a "skills shortage": "a million cyber jobs worldwide actually remain unfilled," Heslault said.

Explore further: Worldwide ransomware cyberattacks: What we know

Related Stories

Alarm grows over global ransomware attacks

May 12, 2017

Security experts expressed alarm Friday over a fast-moving wave of cyberattacks around the world that appeared to exploit a flaw exposed in documents leaked from the US National Security Agency.

Whiz kid who foiled cyberattack

May 16, 2017

They are called white hats—the good guys in the Wild West of the internet—and they ride to the rescue as in the case of the 22-year-old British expert who helped stop the WannaCry cyberattack.

Recommended for you

EU copyright law passes key hurdle

June 20, 2018

A highly disputed European copyright law that could force online platforms such as Google and Facebook to pay for links to news content passed a key hurdle in the European Parliament on Wednesday.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.