Subscribe To Our Daily Enewsletter:

Top 15 Information Security Consulting Services Companies: Forrester Wave Q3 2017

Thousands of companies offer security consulting services. But which companies rank at the top of the list? Perhaps a Forrester Wave Q3 2017 report — focused on Information Security Consulting Services — can reveal some answers.

Indeed, the report analyzes and ranks 15 information security consulting companies. Forrester’s report is not to be confused with our own Top 100 MSSPs research, and additional MSSP-centric reports from both Forrester and Gartner.

To be considered for Forrester Wave: Information Security Consulting Services, companies had to meet at least these five criteria:

  • Global capabilities: Serving North America and at least two additional geographic regions.
  • Breadth of security consulting services: Each service provider provides guidance and implements solutions in a number of different information security domains.
  • Talent: Companies have to have at least 300 dedicated security consulting, advisory, and assessment consultants.
  • Customer Base: Each company has to have at least 300 information security clients globally.
  • Revenues: Each company generates at least $85 million in annual security consulting, advisory, and assessment services.

Forrester sorted the 15 companies into three groups:

  1. Leaders of the Pack: Here, Forrester pointed to KPMG, Deloitte, Accenture, and EY.
  2. Competitive Options: BAE Systems, PwC, SecureWorks, IBM, Leidos, Optiv, and Protiviti surfaced at this tier.
  3. Also of Note: Wipro, DXC Technology, Atos, and Verizon are on the radar but lag the competitors mentioned above, Forrester asserts.

Here’s a closer look at each tier…

Information Security Consulting Services Companies: 2017 Leaders

1. KPMG: The company has the clearest, most direct vision, Forrester asserts. KPMG seeks to help CISOs and boards of directors come together on information security as a business issue, not an IT issue, the researcher says. The company’s go-to-market approach leads with vertical expertise, while it is also applying investments across global member firms in areas like data analytics to cybersecurity engagements, Forrester add.

MSSP Alert’s spin: KPMG’s cybersecurity consulting revenues were $1.610 billion in 2016, up 17.8% from 2015, according to a Gartner report. Also, KPMG ranked No. 33 among the Top 100 MSSPs in 2017, according to MSSP Alert.


2. Deloitte: The company is at the forefront of bringing cybersecurity to digital transformation, Forrester claims. Most importantly, Deloitte backed up this marketing message by positioning security as a strategic pillar of its broader digital journey services, the researcher adds. Deloitte deserves particular credit for helping clients speak about security to business people and about business to security people. Deloitte has also scaled this strength beyond practice leaders, with senior delivery resources also trained and expected to discuss security in business terms, Forrester concludes.

MSSP Alert’s spin: Deloitte’s 2016 cybersecurity consulting revenues were $2.857 billion in 2016, up 14 percent from 2015, Gartner says. Deloitte ranked No. 23 among the world’s Top 100 MSSPs for 2017. Also, Deloitte suffered an email server security breach of its own in 2017.



3. Accenture: The company carries its deep technical expertise into strategic engagements, Forrester says. Understanding that a client’s attack surface and security challenges extend far beyond the walls of corporate headquarters is one of Accenture’s key differentiators, gleaned from years of operational experience within its outsourcing practice, the researcher adds.

MSSP Alert’s spin: Accenture’s cybersecurity consulting revenues were $601 million in 2016, up 6.2 percent from 2015, Gartner says. Also, Accenture ranked No. 19 among the world’s Top 100 MSSPs for 2017. On an embarrassing note. Accenture accidentally exposed some of its cloud IP via Amazon Web Services.


4. EY: The company stands out among the Big 4 for its security skills and technical assessments, Forrester asserts. Security is a strategic pillar and growth engine for EY, and it has numerous case study examples demonstrating client success, the researcher adds. EY’s vision and road map include expanding its managed security services portfolio, with services wrapped around intellectual property agreements, Forrester notes. For example, its Pathscan offering features technology born in Los Alamos National Laboratory, bundled with EY experts, driving the platform.

MSSP Alert’s spin: EY’s cybersecurity consulting revenues were $2.036 billion in 2016, up 8.2% from 2015, Gartner says. Also, EY ranked No. 26 among the world’s Top 100 MSSPs for 2017. EY showed its CXO know-how with this CFO-related security research.

Visit Page 2 of 2 for Competitive Options and Additional Companies to Know

Return Home

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *