Cyberattacks are good for security vendors, and business is booming

The cybersecurity business is booming, and cyberattacks are fueling its growth.

“We have said historically that we have a multibillion dollar cybersecurity industry because we have an insecure multitrillion dollar technology industry,” Brandon Wales, executive director of the Cybersecurity and Infrastructure Security Agency, said earlier this month during a media briefing at the RSA Conference in San Francisco.

Global spending on security and risk management is on pace to reach $215 billion this year, up 30% from almost $165 billion in 2022, according to Gartner.

Cybersecurity investments, driven by organizations’ well-founded worries about cyberattacks, underscore a counterintuitive element underpinning the market’s trajectory.

If technology vendors significantly improve the security of their products and services, the need for some security tools could decline. Systems that offset weak default settings or poor security controls in technology would be less applicable, but security tools and services will never be obsolete.

Through its secure-by-design initiative, CISA is pushing the industry to shift the burden of security responsibility from customers to vendors.

Many top technology firms and cybersecurity vendors, including AWS, Cisco, CrowdStrike, Google, IBM, Microsoft and Palo Alto Networks, signed a voluntary pledge this month to embrace the secure development and operational practices espoused by CISA.

Cybersecurity vendors play it both ways. They develop defenses and mechanisms to help organizations thwart or mitigate attacks, while pointing to cybercriminal activity as evidence of their value proposition for customers. The rush for revenue in differentiated strategies introduces unnecessary complexity.

The cybersecurity industry is part of the problem, according to Allan Liska, threat intelligence analyst at Recorded Future.

To read the complete article, visit Cybersecurity Dive.