Guest blog courtesy of LevelBlue and written by Tawnya Lancaster, Director of Product Marketing and Market Research, LevelBlue.
Overloaded security leaders increasingly turn to third parties for support and expertise as their cybersecurity woes become more pressing and it becomes harder to recruit and retain talent. This is reflected in the projected growth for cybersecurity services through 20281.
According to Gartner1, end-user spending for all security services will grow from $77.4 billion in 2024 to $116.9 billion in 2028, with a compound annual growth rate (CAGR) of 11.4%. Managed detection and response (MDR) is forecasted to be the highest growth area of security services, with a projected 17.1% CAGR through 2028. This is partly due to the continued, acute need for threat monitoring, detection, and response support. However, it’s also due to a growing need for help with risk identification, management and governance, exposure and vulnerability management, and incident readiness due to increasingly stringent regulatory requirements for reporting in these areas.
Compare this to the forecasted growth rate of network security products (a 9.9% 5-year CAGR, 2023-28, projected to reach $32.8 billion) and security software spending (a 13.4% 5-year CAGR, 2023-28, projected to reach $132.0 billion). What’s the storyline? The desire for help and expertise within security is as critical as the need for security products. And, as the threat landscape grows ever more formidable, especially with adversaries leveraging new AI tech, that need will likely not wane.
The flip side is that many different (and huge) providers have realized the opportunity in security services and are diving into the security services market for their piece of the “cyber money pie.” This includes software vendors, telecom companies, cloud service providers, IT service providers, and traditional IT consulting firms, as well as global MSPs (managed service providers) and MSSPs (managed security service providers). This creates a very crowded market in which business models are quickly changing so providers can better compete. For example, many organizations now see some big consultancies as a “one-stop shop” for everything from consulting to MDR.
In managed security services, the top 10 MSSPs include (alphabetically): Accenture, Atos, AT&T (LevelBlue), Deloitte, Fortinet, Leidos, HCL Tech, NTT Data, PwC, and Tata Consultancy Services. Together, these providers hold 49 percent of the MSS market share worldwide. Extending beyond the top 10 to top the 30 global MSS providers, the total “owned” market share jumps to 88%, leaving just 12% for the smaller, regional players. This raises several questions. Can the smaller regional players compete against these bigger players? Do they have to remain satisfied with fighting over the remaining 12% market share globally (which equates to approximately $3.5 million worldwide for MSS in 2025)? Can smaller players take a portion of the $26 million projected 2025 market share from the top 30? How can smaller regional players win the security service game?
Smaller regional service providers will be the most challenged as the services market continues its rapid evolution, especially as they try to keep up with technology changes, AI’s impact on service delivery, cyber skills shortages, and more. However, they also have an advantage, including the ability to:
- Specialize in industry or specific tech environments such as OT, cloud, or edge
- Provide regional context (including culture and language support)
- Partner with the larger players who can’t be everything to everyone
This is why many are choosing to partner with the larger providers in the market, augmenting their existing services and delivering those services operationally. It’s the classic “do I build or buy?” Which path should a regional player take to survive and thrive as a security service provider? On the one hand, building out your own service operations and tech platforms will likely yield higher margins, but it requires a significant investment of time, capital, and people. Can the “build” be done fast enough to keep up with the market?
For many, partnering means they can refocus their energy from development or operations to the business of selling, marketing, and building stronger relationships with their customers. Partnering with a larger provider can mean faster time-to-market on new services while giving less established brands important credentials and “weight” regarding customer trust, which is a more compelling path.
As regional players weigh their options, it’s clear that the demand for comprehensive, integrated security solutions is reshaping expectations across the board—even for larger providers. Why isn’t plain-old threat detection and response good enough?
Life is getting complicated for security leaders, and they now expect more than just “alarms thrown over the fence” from their providers. They seek a partner who can deliver in multiple areas and become a trusted advisor.
There are good reasons why MDR is the fastest segment in security services.
- Organizations are struggling to build and maintain internal security operations teams that include SOC analysts, threat hunters, threat intelligence research teams, endpoint security pros, and vulnerability management experts. The cost and complexity have become too high for anyone other than the biggest and most sophisticated organizations (and even they are looking to augment their in-house teams).
- The MDR market is evolving very fast. Customers are asking for proactive protection (i.e., vulnerability and exposure management and incident readiness) paired with effective reactive mitigation, response, and recovery. They want a response to inform future preventative measures, using the lessons from an incident to improve their security posture and reduce future risks. This requires more than just a single platform. It requires tech (often more than one platform), people, and established processes working together.
- Let’s not forget new regulations, which now call for annual or bi-annual reporting on how organizations identify, mitigate, and govern risk. In addition, they require faster, more comprehensive reporting on incidents that could potentially impact the business. For example, the European Union NIS2 directives, DORA updates, U.S. SEC regulatory updates, and regional and other country-specific requirements have all been rolled out in the last three years. Customers need help understanding the requirements and ensuring they are set up to comply.
When Gartner states that 40% of IT services contracts will have a security services component by 20281 (up from 25% in 2022), it’s easy to see there is an opportunity for everyone to grow their business. However, regional security service providers must meet the opportunity by expanding their suite of services beyond traditional MSS and MDR. How they accomplish this will determine the speed at which they bring new services to market and capture a larger share of the cybersecurity market. Whether you are an IT services provider, managed service provider, small consultancy, traditional MSSP, or even a reseller, competing in the crowded and raucous security services market will be more difficult. Now is the time to rethink or simply refresh your business model and consider new ways of growing your business — on the coattails of someone bigger.
1 Gartner Market Share Analysis: Security Services, Worldwide, 2023 2 Gartner Forecast: Information Security, Worldwide, 2022-2028, 3Q243 IT Key Metrics Data 2024: IT Security Measures — Analysis
