From: RegTech Analyst
Despite Covid-19 causing a spike in digital threats, investment into cybersecurity has cooled down.
The coronavirus is not only a threat to people’s health, but also to companies’ digital defences. As the contagion spread across the globe in the beginning of the year, many businesses had to embrace remote working.
However, having employees work from home has come with a lot of cybersecurity risks. As workers tucked in at home for the long haul, they no longer benefited from the same digital defences that they would’ve had in their offices.
Criminals didn’t let this opportunity pass them by. Leveraging the health crisis, bad actors doubled down on their efforts to launch more ransomware, phishing, financial frauds and other scams. No wonder that the cost of security breaches has also gone up since the coronavirus outbreak.
Given the rise in hack attacks and a huge number of employees still working from their kitchen tables, it’s hardly surprising that the pandemic has pushed companies and governments to rethink their cybersecurity strategies.
So, with all that’s going on, why is it that investment into the cybersecurity sector seemed to cool down in the second quarter of 2020?
Globally, cybersecurity companies raised $700m between April and June, representing roughly a 60% drop to the levels seen in the first quarter of the year, according to FinTech Global’s research. In total, the sector raised $2.2bn in the first half of 2020, which is not even half of the $4.7bn raised in 2019.
“Cybersecurity is clearly growing on the backs of Covid-19,” says Miles Busby, CRO at IDmission, the biometric and authentication software company. “However, the investment world, particularly private equity, is looking at a more long term impact a vendor can have on an industry and not what is clearly going to be a short term issue. In addition to their outlook they are also going to take into consideration how crowded the space [is]. As an example there are hundred of players in the identity space that have a hug head start in this market and the investment community may not see enough of a market mover to invest.”
Fredrik Daveus, CEO of Kidbrooke, the WealthTech company, believed the sector still shows plenty of potential. “Most sectors see a decline in investment due to Covid,” he says. “I think the cybersecurity sector will benefit from increased level of remote work and from the recent GDPR challenges caused by Schrems II.”
E.J. Yerzak, director of cyber IT services at at Compliance Solutions Strategies (CSS), the RegTech company, suggests that the drop in investment is due to a paradigm shift towards cloud-based working environments that has been in the works for some time and that has been accelerated due to Covid-19. This, he argues, has also shifted how businesses can manage risks.
“For example, remote workforces contribute to increase risk of phishing, which can be mitigated cost-effectively by conducting phishing testing and providing remote security awareness training,” Yerzak says.
“Consequently, what we are seeing now are the effects of this paradigm shift. I would expect a continuation of this trend for the second half of 2020, with fewer dollars allocated to maintenance of costly on-premises hardware and on-site tech support to greater dollars allocated to more affordable and efficient hosted solutions for cybersecurity and regulatory compliance risk management.
“I would also expect to see overall tech spend decline as organisations seek to consolidate vendors amidst tightening budgets, positioning those vendors who can provide versatile services and software support in a stronger position to capture a greater share than one-off, point solutions.
“While IT expenditures as a whole are expected to decline during the pandemic, that decline masks the fact that cyber risks have actually increased during the same period. Gartner predicts that cybersecurity spending in particular will be the outlier showing a greater business need, with 2.4% growth expected for 2020 – evidencing a larger focus on cybersecurity services to manage remote risk and a smaller focus on networking equipment at corporate offices.”