Sometimes it’s the little things that catch your eyes and get you thinking – like when Lockheed Martin, the Bethesda, Md. giant U.S. defense contractor dropped $10 million to open a new Security Intelligence Center in Kingston, Australia, at the end of 2013. A small figure for a big firm like Lockheed, but still … Lockheed going after business in Australia with the burgeoning U.S. cyber-spending going on in its backyard?
Or last summer in 2014 when BT’s president of global services for Asia stated Australia was the No. 1 target for DDoS (distributed-denial-of-service) attacks. Hmm … Australia? And BT actually has a president there? BT is the U.K. giant that is duking it out with major players in the U.S. and other larger countries for managed security services contracts with Fortune 500 and Global 2000 corporations.
Just a few months ago, KPMG Australia acquired First Point Global, a leading adviser on cybersecurity and implementer of Identity and Access Management (IAM) solutions to clients across the Asia-Pacific region. This combined group has formed to become KPMG First Point Global. A small acquisition, but again … Australia. You would think KPMG is more focused on winning risk and compliance contracts with the big corporates in the U.S. and Europe.
So you do a little more digging and find out that most of the big defense contractors headquartered in Virginia – which also play in cyber – and which service nearby federal agencies, also have offices in … Australia. And each one of the Big Four (KPMG, EY, PwC, and Deloitte) have cyber-risk groups in Australia.
There’s probably not one momentous event that knocks you off your chair when it comes to the cybersecurity market in Australia. But the cumulative effect of cybercrime in the technologically savvy and advanced country is really starting to add up. Compared to larger global economies that are analyzed by dozens of IT research firms, there are not nearly as many reports on the cybersecurity industry in Australia. But there are certainly enough data points to start counting up to hundreds of millions, and now billions, of dollars.
For VCs looking outside the U.S. for investments, and for U.S. cybersecurity firms seeking international export markets and channel partners, Australia is a ripening market and psst … this is a whisper in your ear: go have a look.
Analyst firm Frost & Sullivan forecasted the cybersecurity market in Australia and New Zealand to reach revenues of more than $1.6 billion (USD) by 2019. This is up from a little over $590 million in 2012.
That sounds like a good stab at sizing the market, but it also sounds awfully low considering the worldwide cybersecurity market is defined by market sizing estimates that range from $77 billion in 2015 to $170 billion by 2020. The British insurance company Lloyd’s estimates that cyberattacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts put the cybercrime figure as high as $500 billion and more.
To round things out and venture a rough estimate for cybersecurity spending in a moderate to advanced technological country or region (based on the global figures), you might say that total cybersecurity spending in Australia will be roughly one-sixth of cybercrime costs. It is far from a perfect mathematical model, but it’s probably good napkin scratch for a VC or angel who is looking to outmaneuver the other sharks and find some fertile investment opportunities.
Cisco stated, “Globally, national losses from cybersecurity incidents are estimated to be as high as 1 percent of GDP, which for Australia, could be as much as $17 billion dollars per year.” Using the one-sixth of cybercrime costs formula, that implies cybersecurity spending in Australia is more along the lines of $2.8 billion currently.
The Australian Cyber Security Centre (ACSC) recently released its first-ever unclassified cybersecurity threat report. According to the report, “the cyber threat to Australian organizations is undeniable, unrelenting and continues to grow.” The incidence of cybercrime attacks has increased 20 percent in the last year, to 1,131 attacks. This is up from 313 attacks per year in 2011. The figures suggest there’s a lot more headroom for cybersecurity spending in Australia come 2019.
Some of the world’s hottest and most innovative cybersecurity companies are moving to capitalize on the Australian market.
Nexusguard, which is headquartered in San Francisco, Calif. and listed at No. 24 on the Cybersecurity 500 list, is planning to open a new office in Sydney next month, and will follow that with opening one of its industry-leading globally distributed scrubbing centers in Australia in 2016, according to Hope Frank, chief marketing officer.
Nexusguard is the global leader in DDoS defense, which is squarely aligned with BT’s conclusion that Australian businesses are the No. 1 target for DDoS attacks. Nexusguard brings its DDoS vulnerability assessments, DDoS penetration testing and other DDoS protection solutions and services to an Australian market that is at the end of the cyber runway for take-off.
Hot players like Nexusguard setting up shop in Australia are the big things that start drawing attention to an emerging region. It costs a lot more, proportionately, for a company like Nexusguard to invest in a new country initiative compared to a Lockheed, BT or Big Four outfit.
So where do you go from here? How about Down Under on August 24 – 25? Seriously, pack your bags and head for the Gartner Security & Risk Management Summit being held in Sydney, Australia. The event brings together hot cybersecurity startups locally and across the globe with Australian government and corporate CISOs, risk officers, privacy and compliance officers and IT security professionals. Be one of the early VCs to get a handle on the Aussie scene and network with some promising young cyber firms before they pitch your competitors. If you’re a U.S. cybersecurity firm, then go find out if Australia is your next move.
Steve Morgan is founder and CEO at Cybersecurity Ventures and editor-in-chief of the Cybersecurity Market Report and the Cybersecurity 500 list of the world’s hottest and most innovative cybersecurity companies. Follow Steve on Twitter or connect with him on LinkedIn.