Skip links
Cybersecurity market opportunities

Cybersecurity is a USD 2 trillion market opportunity

Cyberattacks are proliferating, causing trillions of dollars of damage every year. The cybersecurity industry has a chance to step up and seize the opportunity. There is a USD 2 trillion market opportunity for cybersecurity technology and service providers, consultancy McKinsey says referring to a survey of the cybersecurity business. “Damage from cyberattacks will amount to about USD 10.5 trillion annually by 2025—a 300% increase from 2015 levels.”

The report says security providers need to find productive combinations of product, price, and services that vendors can tailor to target segments and are flexible enough to scale. 

“If the industry can meet these priorities, it can start to create the momentum that will increase its penetration across segments and put the USD2 trillion prize in play.”

Read Also:  MEPs want more cybersecurity and protection of infrastructure

“With billions of dollars of revenues set to flow into the market in the next three years, providers should seize the moment. That means optimizing engage­ment with the cloud, developing a pricing model for the midmarket, embracing innovation, and expanding managed-service offerings to create midmarket-friendly solutions.”

The report says organizations around the world spent around USD150 billion in 2021 on cybersecurity, growing by 12.4% annually. 

“However, set against the scale of the problem, even this “security awakening” is probably insufficient. A survey of 4,000 midsized companies suggests that threat volumes will almost double from 2021 to 2022.” 

“According to the survey, nearly 80% of the observed threat groups operating in 2021, and more than 40% of the observed malware, had never been seen previously.”

Read Also:  EU-wide cybersecurity rules for digital products

“These dynamics point to significant potential in an evolving market. Currently available commercial solutions do not fully meet customer demands in terms of automation, pricing, services, and other capabilities.” 

“As a result, the gap today between the USD150 billion vended market and a fully addressable market is huge. At approximately 10% penetration of security solutions today, the total opportunity amounts to a staggering USD1.5 trillion to USD2.0 trillion addressable market”. 

“This does not imply the market will reach such a size anytime soon (current growth rate is 12.4% annually off a base of approximately USD150 billion in 2021), but rather that such a massive delta requires providers and investors to “unlock” more impact with customers by better meeting the needs of underserved segments, continuously improving technology, and reducing complexity—and the current buyer climate may pose a unique moment in time for innovation in the cybersecurity industry.”

The report says four areas to focus on are: 

  • cloud technologies, 
  • pricing mechanisms, 
  • artificial intelligence, and (particularly in the midmarket)
  • managed services. 

“With strategic planning in these areas, and a robust approach to implementation, cybersecurity providers can make themselves more competitive and get a slice of the USD2 trillion pie.”

Read Also:  A focus on cybersecurity as 76% fear cybercrime

“From a demand perspective, fast-growing smaller organizations are exposed to proliferating digital touchpoints and ecosystem relationships. In addition, malware such as ransomware can pose an existential threat to small and midsize businesses (SMBs) and midmarket companies in a way it often doesn’t to large enterprises.” 

“Midmarket entities are often targeted by criminals looking to exploit unsophisticated security tooling.” 

“The proliferation of ransomware attacks targeting SMBs and midmarket companies means that even those that don’t currently employ or engage a security team have a responsibility to act. Fortunately, the SMB segment is becoming truly addressable by cybersecurity products and services for the first time, thanks to emerging economies of scale.”

“Across all segments, forecasted changes in allocated security spending is increasing as a percentage of services between internal and third-party services. So long as talent remains a problem, outsourced services will be essential for companies that need to support strong security outcomes.”

The report is written by Bharath Aiyer, associate partner in McKinsey’s Southern California; Jeffrey Caso, associate partner in Washington, DC; Peter Russell, consultant in New York and Marc Sorel, partner in Boston.

Read Also:  No More Ransom coordinating defense against cyber crooks


Moonshot News is an independent European news website for all IT, Media and Advertising professionals, powered by women and with a focus on driving the narrative for diversity, inclusion and gender equality in the industry.

Our mission is to provide top and unbiased information for all professionals and to make sure that women get their fair share of voice in the news and in the spotlight!

We produce original content, news articles, a curated calendar of industry events and a database of women IT, Media and Advertising associations.

    Do you want an experienced opinion on a job issue?
    Moonshot Manager is here to answer!

      Moonshot community sharing thoughts and ideas, in a anonymous, safe environment.