Thousands of IT consulting firms offer security products and services. But which ones are the largest providers of security consulting services?
To answer that question, Gartner built a top 10 list of security consulting firms for 2016 based on annual revenues. But before we share the list, it's important not to confuse it with managed security services revenues and associated capabilities. After all, Gartner's Magic Quadrant for MSSPs in 2017 is strikingly different than the IT consulting list. The same goes for the Forrester Wave report for Top North America MSSPs. (Still, a handful of companies appear on multiple lists.)
Gartner Ranks Top Security Consulting Firms
Now, onto Gartner's Top 10 Security Consulting Services Firms list based on 2016 revenues in the sector. The 'recent moves' commentary after each company is from MSSP Alert rather than Gartner.
1. Deloitte
- Security Consulting Revenues: $2.857 billion in security revenues for 2016, up 14 percent from 2015)
- Recent moves: Deloitte’s Canada wing in June announced a partnership to use LogRhythm’s Threat Lifecycle Management (TLM) technology in the MSSP practice.
2. EY
- Security Consulting Revenues: $2.036 billion, up 8.2%
- Recent moves: EY in June 2017 acquired Open Windows Identity, a cybersecurity services consulting division of Australia-based contract management software company Open Windows, for an undisclosed sum. The acquired firm became EY’s new APAC region Identity Management Centre of Excellence led by former Open Windows Identity CEO Simon Adler.
3. PwC
- Security Consulting Revenues: $1.947 billion, up 17.8%
- Recent moves: PwC recently published its annual Global State of Information Security Survey.
4. KPMG
- Security Consulting Revenues: $1.610 billion, up 17.8%
- Recent moves: The company's latest research suggests U.S.-based CEOs are making significant investments to get cybersecurity under under control.
5. IBM
- Security Consulting Revenues: $731 million, up 0.6%
- Recent moves: In addition to security consulting, IBM plugs many customers into its X-Force Command Centers worldwide for ongoing cybersecurity monitoring. But X-Force recurring revenues are not to be confused with traditional IT project revenues.
6. Accenture
- Security Consulting Revenues: $601 million, up 6.2%
- Recent moves: Accenture points to these four trends in the cybersecurity market, and the potential implications for customers.
7. Booz Allen Hamilton
- Security Consulting Revenues: $482 million, up 2.1%
- Recent moves: Booz Allen Hamilton and Splunk in July 2017 unveiled a cyber threat intelligence service that Booz Allen offers to its end-customers.
8. HP Enterprise
- Security Consulting Revenues: $388 million, down 3%
- Recent moves: I'm not positive but I believe most or all of this business is now housed at DXC, which acquired much of HP Enterprise's IT consulting businesses when it merged with CSC earlier this year.
9. Optiv Security
- Security Consulting Revenues: $373 million, up 15.5%
- Recent Moves: KKR, the big private equity firm, acquired Optiv Security in late 2016. The purchase price was never publicly disclosed -- but we hear the figure was $1.9 billion, according to our ChannelE2E sister site.
10. BAE Systems
- Security Consulting Revenues: $290 million, up 14.2%
- Recent Moves: BAE also appears on the Forrester Wave list for top MSSPs in North America.
That's the overall list. We'll be sure to update this blog when the 2017 list surfaces sometime in mid-2018.
