Cyberattacks prompt massive security spending surge

The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago.

But even that massive figure looks set to be dwarfed within a few years, experts said, after ransomware attacks crippled computers worldwide in the past week.

The "global cyber security market was worth $3.5 billion" in 2004, according to a study by cyber security research firm CyberSecurity Ventures, but in 2017, "we expect it to be worth more than $120 billion".

In the five years ending in 2021, the firm said it expected worldwide spending on cybersecurity products and services "to eclipse $1 trillion".

"It has clearly been a rapidly increasing market for many years, particularly in the last two or three years," said Gerome Billois, a cyber security expert with consulting firm Wavestone.

Much of the growth will be spurred by massive cyber attacks like the so-called "WannaCry" ransomware that struck targets in dozens of countries, ranging from British hospitals to Russian banks.

In what experts called an unprecedented mass cyberattack using ransomware, more than 200,000 computers around the world were hacked beginning Friday using a security flaw in Microsoft's Windows XP operating system, an older version that was no longer given mainstream tech support by the US giant.

The virus spread quickly because the culprits used a digital code believed to have been developed by the US National Security Agency—and subsequently leaked as part of a document dump, according to the Moscow-based computer security firm Kaspersky Lab.

The attack blocks computers and puts up images on victims' screens demanding payment of $300 (275 euros) in the virtual currency Bitcoin, saying: "Ooops, your files have been encrypted!"

The massive attack has been a boon for cyber security firms, driving up stock prices of some while others, like six-year-old American start-up CrowdStrike, were able to raise $100 million in one day.

Ransomware: 'key trend'

High-profile attacks like WannaCry "drive the market," Ilex International president Laurent Gautier told AFP.

Ransomware attacks represent about 22 percent of all global incidents NTT Security, an information security and risk management firm, handles for clients, said Kai Grunwitz, the firm's senior vice president for central Europe.

That number jumps to 56 percent for financial firms.

"So these types of attacks are certainly one of the key trends" driving up spending on computer security systems and tools, Grunwitz said, but "buying more software or hardware products will not fix the problem—awareness, procedures and a strategy aligned with the specific risk profile are key."

"Nevertheless, the global security market has grown in terms of revenue, and we see a very strong potential for additional growth in products but even more in consulting and managed security services over the next few years."

A still nascent industry just 12 to 13 years ago, the market gradually expanded because of the "digitisation of companies and countries" and the increasing online attacks which publicised the rising digital threat, Billois said.

"The growing wave of ransomware in 2014 created an enormous source of business for security research firms" because "companies were made aware of their vulnerabilities," said security expert Jerome Saiz.

Companies were slow to realise they needed to protect themselves since "the return on investment is impossible to determine," Saiz said, "and we cannot know which attacks we survived and how much they cost".

For large companies, putting in place an IT security strategy can cost tens of millions of dollars, he added.

Some like French telecoms firm Orange choose to bring the security in-house. The telecoms giant bought cyber security firm Lexsi last year.

To better respond to the threat from the other side, smaller security firms have banded together to create alliances, like the group of French companies who formed Hexatrust in 2014.

Either way, software security companies like US anti-virus firm Symantec are reaping the benefits. The company "doubled" its share price in one year, said chief security strategist Laurent Heslault.

But the threat from ransomware is hardly the only danger on the horizon.

The hacking of interconnected appliances and other internet-connected things, the theft of personal and financial data, and hackers engaging in online political campaigns will all drive the market in the coming years.

The biggest troubles, however, will not come from an attack but from a "skills shortage": "a million cyber security jobs worldwide actually remain unfilled," Heslault said.
