1. While budgets remain resilient, there is increasing pressure to consolidate vendors.
Chief Information Security Officers (CISOs) reported that while they’re not experiencing major budget pressures, they’re starting to explore opportunities to consolidate vendors. Morgan Stanley ’s research group said that they "didn't hear of a single CISO or CIO looking to cut their security budget,” but that they are looking to consolidate tools before taking on new vendors.
As consolidation becomes standard, new deals experience greater scrutiny, with CFOs becoming more actively involved in the decisioning process. Given this trend, we expect—and have already started to see—revised forecasts for many companies in the space as they adjust for longer sales cycles.
2. M&A activities are likely to increase, with private equity playing a key role.
As pressure to consolidate builds, companies that offer true platforms will continue to gain momentum, with buyer’s rigorously rationalizing their portfolios.
Private equity players will be eagerly waiting to get in on the action. As indicated during the Piper Sandler conference, “Given the large number of scaled, $100 million-plus ARR companies with limited exit options, we predict private-to-private M&A, including to private equity or private equity-backed platforms, will continue to increase in 2023.” This will also influence CISOs decisions as they are concerned about bolt-on acquisitions, and vendor lock-in.
3. Cloud security is gaining incredible traction.
We continue to see workloads shifting away from on-premise to cloud or multi-cloud environments.
According to Goldman Sachs, the Cloud Native Application Protection Platform (CNAPP) market—encompassing cloud security posture management, cloud workload protection, and cloud service network security—will reach ~$11 billion this year, assuming a 2.7% cloud spend penetration. They believe the penetration could reach 5% in addition to continued growth in the space.
Morgan Stanley is also heralding the rise of cloud security expenditures, predicting a $17 billion Total Addressable Market for cloud security by 2025, and according to their latest CIO survey, cloud security spend increased from the No. 4 priority to the No. 1 priority over the past year.
Given its importance, this is a segment where best-of-breed platforms could potentially win over larger platform vendors, although many of the emerging players are pushing to also become platforms.
4. Forget unicorns, we may see a ‘hectocorn’ by 2025.
Morgan Stanley predicted that we will see the first $100 billion cyber company—a “hectocorn”—emerge over the next two years. Given the large Total Addressable Market for CNAPP, we believe that the space will be a strong contender in the competition for the honor of the first hectocorn. This is especially likely as we see a convergence of DevSecOps and cloud security; as well as Cloud Security Posture Management and Cloud Workload Protection.
5. Hackers have discovered the power of AI, adding pressure to companies to adopt strong AI solutions.
We should expect to see more sophisticated attacks, but many cyber companies we spoke to at RSA are already developing antidote solutions, although we still haven’t seen broad adoption. Concerns around security, privacy, and accuracy appear to currently be limiting appetite for broader use.
6. Look for CISOs to add AI security to their portfolio's over the coming year.
With its recent accelerated adoption following the release of ChatGPT 3.5, AI security is one of the fastest-growing emerging spaces, with companies such as Austin, Texas based HiddenLayer winning the 2023 RSA Innovation Sandbox contest for the “most innovative startup.” The company’s security platform helps enterprises monitor machine learning algorithms for adversarial, machine learning attack techniques–an increasing threat for CISOs.