Following substantial layoffs in the security sector during 2023, new job cuts ushered in the new year. Now with the all-but-certain impact of AI on cyber thieves, defenders and growth, is the cybersecurity market expanding or is it quietly contracting?
How would either condition affect MSSPs and MSPs? Is the ever-increasing volume of cyberattacks enough to keep the market growing with the demand for trained security professionals? Ultimately, how will zero days, ransomware and data breach after data breach play out for the cyber protectors?
While most, if not all analyst projections point to cybersecurity growth and upward spikes in employment, there are some indicators that the market may instead be set up to shrink.
Cybersecurity Jobs and Layoffs
Jobs in the IT sector, as a function of market conditions, continue to be impacted in 2024. Some of the layoffs this year are an extension of the job cuts announced in 2023. Last year, technology market makers Amazon, Cisco, Meta, Microsoft, Google, IBM, SAP, and Salesforce, along with dozens of smaller companies, many of them cybersecurity specialists, cut tens of thousands of jobs across the board.
Early returns show the same could happen this year. According to the website layoffs.fyi, a tech layoff tracker, in the first three weeks of 2024some 74 technology-associated companies across the board in multiple industries have laid off workers. Of those, four are notably cybersecurity-related in one form or another: Trend Micro, Orca, Veeam and Citrix.
At this same time last year, seven security companies had laid off nearly 1,000 workers. When viewed sequentially, three security-specific companies cut employees in December 2023.
After a massive hiring spree during the first years of the pandemic, start-ups and established technology companies let workers go when faced with higher interest rates that made it more perilous to fund new projects, along with an about face to chase profitability rather than growth. That's a typical equation in uncertain times.
Following two years of massive layoffs at IT companies, 2024 was expected to be a year of recovery for the IT industry. But no watershed has yet emerged. Still, there are many bright spots, among them the U.S. Bureau of Labor Statistics that estimates a 35% increase in information security analyst jobs between 2021 and 2031. And, according to Statista, the security market worldwide is projected to witness a substantial increase in revenue, reaching a staggering $23.7 billion by 2024.
How Big is the Cybersecurity Market?
The cybersecurity market size was valued at $154 billion in 2022 and is projected to grow from $172 billion in 2023 to $425 billion in 2030, for a 14% CAGR during the forecast, according to a Fortune Business Insights report.
Market growth statistics are well and good but there are still some unsettling signs for the market ahead.
Caroline Wong, chief strategy officer at Cobalt, a pentesting specialist, wrote in a recent blog post that 2024 will bring a “cultural shift among cybersecurity professionals,” as workers get “burnt out” from being asked to do more with less owing to budget cuts and layoffs.
This “struggle to prioritize their work” has a “dual implication” for the future, Wong wrote. “Security activities are not going to be at the same level as when they had greater investment [and] security controls will have gaps and known vulnerabilities [that] will fail to be addressed,” she said.
In addition, Wong said that insider threats from people with “personal economic motivation” could exploit their access to sensitive company information. And the “interplay” between regulatory requirements, increasing cyber threat and “resource constraints” will “test the resilience of organizations.”
Market Trends Impacting the Cybersecurity Market
What about the current trends prompted by the mass layoffs? How might the security market be contracting? Will future growth hinge on AI? Here's what we know:
- The real impact of layoffs. Some security-centric companies laying off workers are taking on more risk by stretching their security teams thinner instead of properly planning cuts and communicating overall strategies in the current high-breach volume environment. This could have a cascading effect in the industry.
- SOC's future. Once AI delivers full automation to the full cyberattack lifecycle, traditional tier 1 and tier 2 security operation center (SOC) analysts may become unnecessary because they won’t be able to respond to cyber incidents fast enough. The only choice will be to leverage AI-driven automation to stay abreast (or ahead) of the attackers.
- Follow the money. Well-funded startups zoned in on white hot issues such as AI, Internet of Things (IoT) security and zero trust technology have popped up all over the cyber landscape. At some point, that bubble, like many others before it, is probably going to pop.
- AI newbies. AI startups could prompt a drop off in hiring once they come to grips with market realities and push more workers out of jobs. A glut of workers in a market losing employers is a template for a contracting sector.
Worldwide, but especially between the U.S., China, Russia and the rogue nations, an arms race is going on to capture AI leadership both for offensive and defensive purposes as well as white hat innovation.
Skyrocketing growth estimates notwithstanding, combining economic factors with market dynamics could lead to a contracting security market.