Are cybersecurity investments recession-proof? Based on a study from McKinsey & Company, which estimates that collective cyberattack damage will reach $10.5 trillion annually by 2025 (driving potentially $2 trillion in cybersecurity technology spending), the answer would seem to be “yes”.

Massive growth in mobile applications, web apps (cloud-based and on-premises), IoT devices, APIs, cloud infra, and other assets continues to complicate the attack surface, especially for smaller companies that historically have had less to worry about in this area than enterprises. Orgs of all sizes are exposed now: In 2021, nearly 80 percent of observed threat groups targeting mid-sized companies, and more than 40 percent of observed malware, had never been seen before.

Source: McKinsey & Co.

The regulatory environment is also driving the need for more solutions: Within the United States alone, there are currently hundreds of state bills or resolutions that seek to regulate cybersecurity and data privacy, and the US Securities and Exchange Commission (SEC) has proposed new federal-level rules about breach notifications. In Europe, the environment is arguably even tougher thanks to GDPR, and NIS2 looms in the distance after recent adoption by the European Parliament. Globally, compliance-driven customer requirements will only grow.

With these strong market forces, you’d probably predict that the gap between spend and opportunity is fairly minimal–but you’d be wrong. In reality, the gap between actual spend ($150 billion in 2021) and market opportunity ($2 trillion) is glaring. According to McKinsey, that gap is both a failure and an opportunity:

“Such a massive delta requires providers and investors to ‘unlock’ more impact with customers by better meeting the needs of underserved segments, continuously improving technology, and reducing complexity—and the current buyer climate may pose a unique moment in time for innovation in the cybersecurity industry.”

In other words, the delta exists because the cybersecurity industry has produced too many solutions that fail to scale up or down, add anything interesting to the technology conversation, and/or reduce complexity or noise. Cybersecurity buyers are crying out for a better approach to reducing risk, and that dissatisfaction is reflected in shallow market penetration by vendors.

Those buyers are also trapped in a deep and seemingly permanent talent crisis, which makes solutions that can help them meet their security goals in spite of that trap extremely timely. 

The Platform Shows the Way

At Bugcrowd, the innovation referenced by McKinsey takes the form of a Security Knowledge Platform that brings the power of the global security researcher community to penetration testing and other security workflows in a scalable, highly engineered way, removing noise and adding contextual intelligence derived from thousands of other customer experiences. The result is a unique ability to continuously discover and remediate hidden vulnerabilities that put you at risk of being blindsided by cyberattacks, while providing a foundation for future applications of crowdsourcing to security.
