ALM Intelligence Research Spotlight: Cybersecurity Consulting Moves Beyond the IT Function

What is Cybersecurity Consulting?

ALM Intelligence views cybersecurity consulting as a subset of Enterprise Strategy consulting, with advisory focused on delivering enterprise-wide cybersecurity strategies aligned with overall business strategies, while utilizing tools and technologies across functions to ensure that organizations are protected against cyber threats to information, infrastructure and applications. Importantly, this also includes establishing business processes, governance and infrastructure to best prevent and detect attacks and prepare for incident response and business continuity as needed.

What is driving client demand?

The drivers of cybersecurity consulting demand have been evolving as the threat environment continues to intensify, led by increased digital vulnerabilities (due to IoT, mobile, apps, cloud) and the increased sophistication of attacks (both internal and external). At the same time, regulatory bodies are increasing oversight and requirements, raising the bar on compliance with steep fines for non-adherence. All of this comes in addition to the enterprise risk to brand reputation in the event of a breach. Importantly, there is a growing realization at the Board and C-suite level that compliance alone is not enough, and that business objectives must be aligned with security objectives for a proactive and preventative cybersecurity posture. This necessitates an organization-wide, top-down cybersecurity approach with various consulting implications, including the need to:

1.  Align business goals with security models to achieve objectives;

2.  Adopt cloud when indicated for tighter security, and provide agile operations security models;

3.  Enhance product manufacturing and technical testing processes (embed security layers);

4.  Educate clients, provide training/awareness programs across functions, change culture to be security-focused.

How are providers positioning themselves, and how are they faring?

Many providers are making decisions on where to invest in their cybersecurity portfolios. The relatively new focus on Board/C-suite involvement requires many consulting firms to invest in capabilities in the areas of cybersecurity maturity assessment, benchmarking and cybersecurity awareness in order to better articulate and demonstrate cybersecurity gaps and threats to a broader client audience. Providers that approach cybersecurity from a business perspective are coming out slightly ahead of the others by helping clients with business goals and gaining appeal from the greater C-suite.

Productivity-oriented providers are also proving valuable, with a strong emphasis on improving efficiency through automation, analytics/visualization and organization improvements. IT security specialists are gaining traction through threat intelligence and cyber operations capabilities. Providers with a narrower tools and solutions focus are lagging slightly behind the others as clients realize that a big picture is needed and not just a specific tool or technology. To give further insight into the provider landscape, ALM Intelligence provides a unique perspective on provider peer group analysis by grouping peers based on the most relevant characteristics that differentiate providers in the cybersecurity market, and not by whom they compete with most frequently.

In the latest cybersecurity research, providers are segmented into four peer groups by consulting approach, which distinguishes providers’ relative emphasis on improving cybersecurity measures, with a closer focus on whether they work within the IT function or more broadly across the enterprise to support strategic initiatives. These service delivery models differentiate between providers that focus on helping their clients improve the operating system of technologies used to enable cybersecurity measures and those that concentrate on the management system for mobilizing and directing resources across the enterprise to execute the cybersecurity strategy.

For the purposes of this analysis, the four peer groups break out in the following way:

Business View Providers: Providers in this management peer group concentrate on identifying cybersecurity implications and priorities based on overall business strategy and performance, and market trends. There is a strong focus on understanding the client’s risk tolerance, overall cybersecurity posture, and how these compare to the industry and more broadly at a global level.

Tools-Oriented Firms: Firms in this group emphasize using tools and solutions to accelerate both the cybersecurity consulting process and cybersecurity operations. This group also tends to have focused services around technology trends and cybersecurity, such as IoT.

IT Security Program Providers: Providers in this group tend to be either pure-play IT security firms or firms with established IT security groups. These firms aim to assess, design and build every aspect of an IT security program with an emphasis on integrating threat intelligence.

Function Effectiveness: This group leads from a functional perspective with the goal of establishing processes and resources to efficiently integrate and manage cybersecurity operations.
