Cybersecurity Ventures has released its Cybersecurity 500 List for Q2 2017. root9B and Herjavec Group remained number one and two, respectively, from the Q1 cybersecurity listing, but after that, there was a lot of movement in the top 10. Raytheon, for instance, moved into the number three position thanks to a historic cybersecurity deal valued at nearly $1 billion over five years with the U.S. Department of Homeland Security. IBM and Cisco both returned to the top 10 after hovering just outside that plateau in February. And KnowBe4 made a huge jump from number 38 in Q1 to six in Q2.
How do companies make significant moves, both up and down, in only a few months?
“We look at companies in a few different contexts,” explained Steve Morgan, founder and editor-in-chief at the Cybersecurity 500. “We are always evaluating revenue growth and market execution. But then we are also looking at what are the biggest challenges and which companies are doing what to help solve them.”
Take IBM as an example. “It may not be that obvious,” Morgan said, “but they are throwing a lot of weight behind supporting cybersecurity education at the high school level – which ties directly to the workforce shortage our industry is grappling with.”
Morgan emphasized the importance of security awareness training. Spending for security education is expected to reach $10 billion by 2027. “Security awareness has evolved from training employees to a discipline that is just as complicated and important as any other in our field,” he stated, and this played a role in KnowBe4’s jump in the rankings.
KnowBe4 was very surprising, moving up so much, Morgan admitted. “While the security awareness market is growing very quickly, it is an established space with dozens of companies who have been in it for years and quite a few new market entrants,” he added. “They keep doubling revenues and getting as big as they are – I couldn’t have expected that they’d grow so much again over the past year. But, given they are in one of the biggest growth markets and have such a visible officer (Kevin Mitnick, chief hacking officer), it makes sense.”
Raytheon was another surprising move, especially since their cybersecurity strategy is confusing in the marketplace. Raytheon had acquired Websense and renamed it Forcepoint, which tied in with Raytheon. Just when it seemed like the joint cybersecurity business was stalling, Raytheon signed what may be the largest cybersecurity contract ever. That solidified Raytheon’s spot as a top company.
Morgan shared his thoughts on some of the other rankings, including the following:
- root9B keeps its number-one slot. Morgan credits the company’s business model and an outstanding staff. It’s a business that has the potential to be a household name. But, Morgan added, the company is also at a point when you have to look at their financials (they are publicly held so the information is available). It has reached the point where leadership needs to execute and help the market understand exactly who it’s doing business with, what the major wins are, and how to establish the company as a regular competitor amongst the pure-play cyber firms who are more vocal in the media.
- BlackBerry is one of those companies really on the bubble right now. “They’ve done a remarkable job at repositioning from phones to cyber,” Morgan said. “Between the rebranding and some very well thought-out acquisitions, it really lifted them up. And they are still there.” The next thing is to determine how to accomplish market execution and scaling revenues around a pure-play cybersecurity business. “I expect in the next quarter or two – they will surprise us,” Morgan added. “It’s a question of whether we’ll be surprised by them rising or falling. They are another company with an outstanding CEO who is a turnaround specialist and went through this before when has was CEO at Sybase.”
- Seeing both IBM and Cisco return to the top 10. “IBM’s corporate performance can be somewhat of a drag on the buzz they are generating in the cybersecurity space,” Morgan explained. “But to see both of these two companies with $2 billion and cybersecurity businesses each; to continue growing their security revenues is pretty remarkable.” The companies also announced a major partnership with each other to help their clients combat cybercrime. “The news was very well received by the market, and organizations who do business with both of them. In essence, IBM and Cisco lifted each other up.”
- FireEye slips. They have a great CEO and strategy, but they’ve been struggling to find that tipping point to get them growing again. “Big as they are now, it’s not as easy for them as it was the first 10 years,” Morgan said. “I thought this may have been the quarter when they might turn the corner. It’s only been a year since Kevin Mandia has been CEO. He knows cyber as well as anyone. There have been some rumors about FireEye being an acquisition target. But they are just that, rumors.”
Cybersecurity Ventures continuously looks at new companies for inclusion in the Cybersecurity 500, by soliciting feedback from CISOs, IT security practitioners and service providers, and researching hundreds of cybersecurity events and news sources. Will we see dramatic shifts in the list in Q3?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba