Chapter 6: Market Breakdown by

Industry Vertical

Cyber Security Market Verticals

Security attacks through the internet disrupt the privacy of an organization or an individual. Such
security problems are bound to increase as the internet continues to penetrate into numerous everyday
applications such as social networking communications, entertainment, automobile connectivity,
banking, bill payment, online shopping and others. The internet is an unsecure channel for sharing
information, as it is subject to fraud or intrusions known as phishing. Methods such as encryption,
firewalls and antivirus programs protect and transfer data over the internet.

As cyber security is a major and growing concern, different organizations across the North American
region have dedicated additional resources to the addressing cyberattacks as well as sought assistance
from firms providing security. Symantec, IBM, TrendMicro, Microsoft, HP, Cisco and WISeKey are some
of the firms that provide internet security solutions.

The North American market for cyber securities by industry verticals is segmented as follows:

• Banking, financial services and insurance (BFSI).

• Defense and intelligence.
• Telecom and IT.
• Government.
• Retail.
• Healthcare.
• Others.

Banking, Financial Services and Insurance (BFSI)

The threat of internet security seems to be rising every day as more people and organizations in the
North American region and the world are connecting to the internet through the world wide web, email,
VoIP and other services. Financial institutions work hard to protect their customers’ confidentiality in
order to safeguard their financial and private information. In recent years, there has been an upsurge in
internet-based security attacks against financial institutions. These attacks are more sophisticated and
keep on evolving as the technology advances. Thus, it is the responsibility of various banking, financial
services and insurance (BFSI) to ensure that their systems and networks are secure and ready to face
new challenges.

Financial institutions use security solutions and services to grant authentication to users for accessing
their database and systems; encrypting data, email and documents; archiving and timestamping
contracts and emails; applying digital signature to emails and documents; and securing messages being
transferred between systems. Additional importance is given to ensure secure payment transactions;
monitor e-commerce, password and login ID protection; encrypt voice communication and others. In

© 2018 | BCC Research LLC IFT174A Cyber Security: North American Markets | 39
addition, internet banking and financial solutions demand a unique identity for all applicants involved in
an online transaction to make them more trusted and secure.

Various government and financial regulatory bodies have passed several rules and regulations for
maintaining data privacy and protecting customers from the increasing number of online threats.
Regulations such as California Senate Bill 1386, Sarbanes-Oxley (SOX) and Gramm-Leach Bliley (GLBA)
make it mandatory for financial institutions to safeguard client data and report security breaches.
WISeKey, a company that provides digital authentication, identity management and information
security, has developed an innovative solution called WISeID. The WISeID eBanking edition provides a
customizable application for financial organizations to carry out efficient and secure transactions.

A major factor contributing to this growth is the presence of numerous financial institutions operating in
the North American region. These financial institutions face multiple internet security issues. The
internet attacks on such financial institutions are increasing daily, leading to the need for added internet
security measures.

Defense and Intelligence

For more than two decades, businesses and governments have faced problems in controlling cyber
threats and in developing appropriate responses that could tackle such threats. Although government
agencies have made heavy investments to secure the information that they have generated from their
databases, attackers have used superior technologies to infiltrate their defenses and steal important
database information. Governments maintain security measures to protect the integrity of defense,
aerospace and intelligence agencies. As these areas are of the prime importance, the infrastructure and
database information need to be secure.

The number of cyber threats faced by aerospace and defense companies is rising faster as these
organizations are at the frontline of the country’s security. Hackers have evolved into highly organized
hacking professionals. This hampers the defense systems of the aerospace and defense industries

For example, Akamai has developed cloud security services that would enable governments to employ a
“defense in depth” strategy to safeguard necessary information. Accenture provides solutions that
enhance the reactive capabilities of a company’s defense. These solutions help to minimize the time
taken by defense authorities to act and report a problem.

Telecom and IT
Guaranteeing the safety of consumer data and information is a prime concern of telecom and IT
organizations. The network structure of telecom service providers is changing rapidly to accommodate
the diverse needs of individual subscribers and business organizations, which exposes them even more
to network threats and attacks. The cost of such security breaches could be considerably large for both
service providers and consumers attached with these networks. Negative publicity due to such security
breaches could result in the loss of revenue and client trust. Computer application providers should
protect their customers from various malwares such as viruses, worms and hackers trying to access
confidential data. Ensuring network security is a main priority of any organization. Failing to do so can
hamper business productivity, limit innovation and damage an organization’s brand.

© 2018 | BCC Research LLC IFT174A Cyber Security: North American Markets | 40
Hence, telecom and IT companies need preventive solutions to protect their networks and the systems
attached to them. In addition, there is also a growing need for safeguarding voice communications as a
company’s industrial secrets, financial operations, strategies and intellectual property can be
intercepted unlawfully. In other words, it is important to secure telephone conversations as confidential
data can be accessed by unauthorized personnel. An effective way to avoid hacking, eavesdropping or
interception attempts is to transfer voice traffic in an encrypted form over public networks.

Government
Internet security has become a crucial issue due to the increase in internet traffic, which has indirectly
led to a rise in internet-based attacks. Internet threats majorly hamper the operations of businesses,
government bodies and common citizens. Various government agencies across the region strive hard in
order to improve their nation’s internet security and online information transaction systems and to
avert internet threats meant for disrupting the system. The main aim of these government bodies is to
prevent cyberattacks from taking place in order to safeguard the country’s vital communication
infrastructure, reduce the vulnerability of government departments to such attacks and minimize the
damage, if any, to administration.

Major factors contributing to the market growth are the rising number of attacks on government
websites. This data is highly confidential and misuse of it could have a devastating effect on a country’s
administration.

Retail
In the retail industry, transactions carried out through e-commerce facilities have been heavily targeted
by criminals seeking the personal information of credit card holders. Rising concerns about online thefts,
credit and debit card frauds, and phishing for private information can have a deep impact on consumer
behavior, which can directly hamper the success of a retail business. A sense of insecurity lingering in
the minds of consumers can drive them away. Safeguarding consumer personal and financial data is
critical because a security breach can prove to be as hazardous to an organization, by tarnishing its
reputation, as it is to customers. Securing and maintaining point of sale systems (POS), websites and
online business applications is crucial for both online and traditional retail merchants. As discussed
above, loop holes in providing online security may lead to loss of revenue and future business. This
raises the demand for security solutions that provide secure networks, applications and systems, and
thus, in turn, help improve business performance. The USSS (United States Secret Service) and NCCIC
(National Cybersecurity and Communications Integration Center) have discovered a point-of-sale
malware named “Backoff,” which has been exploiting consumer payment data and business
administrator accounts remotely. Initially, this malware was not usually detected by major antivirus (AV)
software programs; however, now that retail companies are aware of it, they can update their (AV)
versions accordingly.

Apple Inc. has recently launched a new mobile payment system named Apple Pay for carrying out online
monetary transactions. The company claims that the privacy and security features of its new payment
application use a sophisticated encryption system that allows users to carry out purchases on credit card
without disclosing their card or account number. Apple Inc. has partnered with major financial
institutions, banks and large retail chains such as McDonald’s, Walgreen’s and Macy’s. Apple CEO Tim

© 2018 | BCC Research LLC IFT174A Cyber Security: North American Markets | 41
Cook also plans to partner with the Chinese e-commerce giant Alibaba, which operates several internet
services, including online payment, retail sites, etc.

Major factors contributing to this growth are the rising disposable incomes of people in the North
American region and the growth of online shopping markets. Due to their busy and hectic schedules,
many consumers now prefer shopping online rather than visiting the store.

Healthcare
Biomedical universities and institutions promote joined structure research, healthcare and teaching with
the well-being of individuals as the ultimate goal. Institutions train students and give them an
opportunity to experience professional, cultural and human growth to serve the people.

The Rome Biomedical Campus University promotes integrated structures for teaching, research and
healthcare, and pursuing the well-being of oneself as the ultimate goal of its activities. It offers students,
a training experience aimed at their cultural, professional and human growth, proposing the idea of
excellence in the spirit of service. Patients at facilities such as these receive complete care, both in terms
of their material and spiritual needs. Biomedical universities and institutions such as Rome Biomedical
promote knowledge, interdisciplinary sciences and research in all areas while collecting information,
which contributes to their ability to take care of patients. Healthcare and educational institutions extend
their networks to many different departments, which exchange data between servers and clients, and
among different institutions with the same IP network. Considering the widespread computerization, all
the segments linked with the IP security of the umbrella organization have a fundamental role to create
a robust and reliable infrastructure. It is important for each of them to protect their information from
deliberate attacks and from nanostructured risks such as virus threats. Kaspersky is one of the solution
providers offering cyber security solutions to identify and protect networks of institutions that are
dependent on multiple departments and service providers.

The increasing use of automation and innovative technologies in clinical systems, medical records and
medical imaging serves as a challenge for healthcare providers in terms of maintaining the privacy of
patient data and securing their IT infrastructure. Different threats involved in the industry include loss of
healthcare data without affecting clinical workflows, malware threats and 24/7 maintenance of critical
IT systems.

Other Industry Verticals

The other industry verticals where cyber security is witnessing promising growth are manufacturing,
education and transportation. Many organizations are developing software that could protect the IP and
manufacturing operations of companies. Lumension’s security management solutions provide software
that protect the manufacturing operations and corporate IPs from an inside source or targeted threats.
Because academic institutions are prone to cyberattacks, which result in loss of data and money, they
must also focus on cyber security measures. With respect to the transportation industry, the built-in
navigation system and sensors provided in most vehicles dispense information to users about their
surroundings. By procuring this information, the driver or the end user gets to know about the dangers
and traffic-related issues of the selected route. Sensor systems can serve multiple purposes such as the
detection of security threats by tracing adverse conditions, environmental conditions and impending
suggestions about imminent accidents.

© 2018 | BCC Research LLC IFT174A Cyber Security: North American Markets | 42
Manufacturing
The manufacturing sector represents a wide range of companies operating in various consumer goods
industries. Security threats for companies vary depending on the type of product. Globalization has
facilitated the extension of the supply chain, which makes manufacturers susceptible to attacks that
hamper a company in securing its data. Goods and equipment manufacturing companies are vulnerable
and prone to information theft, which consists of technology usage and a step-by-step implementation
of manufacturing the final product. High-priced and high-demand items need to be secured as they form
the backbone of the company in terms of generating revenue.

Business competition is increasing worldwide, and this can result in the theft of intellectual property and
trade secrets of manufacturers. Manufacturing companies face many security threats that include cyber
espionage/intelligence, web application attacks and denial of service attacks. Companies are targeted
for their intellectual property, business processes and technology that is implemented for production.
Other than government and mining, the manufacturing industry was one of the most attacked industries
in 2013. There were 251 total security incidences for the U.S. manufacturing industry in 2013, of which
59 industries confirmed their data loss. Symantec reported that nearly 13% of the overall internet
security attacks were for manufacturing industries. The Stuxnet computer worm, discovered in 2010,
attacks the software of industrial-programmable-logic-controllers, which control machinery on factory
assembly lines. The common cause of data loss for manufacturers is malware.

The Internet of Things (IoT) is an interconnection of computing devices with existing internet
infrastructure. IoT is currently drawing lots of attention by presenting potential security risks for
manufacturers. The safe flow of data is provided by linking corporate assets and end products via a
particular network. The network locates the objects and tracks their integration and usage to
manufacture the product. IoT allows manufacturers to manufacture and sell products by offering many
services that provide customers with information regarding the use of products. The sharing of ideas
and access to the internet has led to data losses for many organizations.

Many organizations are developing software to protect the IP and manufacturing operations of their
enterprises. Lumension’s security management solutions provide the software that protects
manufacturing operations and corporate IP’s from an inside source or targeted threats. The solution also
prevents zero-day threats and malware originating at an endpoint (including sensitive data stealing) and
tracks all the attempts that have been put into executing the application. Kaspersky Lab offers a wide
range of technological solutions that control applications, closes exposure of important software and
offers supreme awareness of cyber threats targeting industrial control systems. Kaspersky offers a
custom version of endpoint security software, specifically designed for manufacturing. Industrial
protection simulation by Kaspersky helps organizations train against cyberattacks that could affect the
facilities of their infrastructure.

Education
Academic institutions also need cyber security solutions, due to the rise in the use of internet services
among students. Constant browsing practices and spending more time on online services (shopping,
online banking and other financial transactions) among students are increasing the need of internet
security in academic institutions. In the current market conditions, academic institutions should also
comply with industry standards and follow government regulations related to data security. Violations
of these standards and regulations would invite many penalties and bad publicity for educational
institutions. To provide total security to computing devices in academic institutions, IBM’s internet

© 2018 | BCC Research LLC IFT174A Cyber Security: North American Markets | 43