There is a respectable number of existing and new players in the cybersecurity field forming the current realm of suppliers and vendors. The region is not lacking when it comes to cybersecurity solutions or vendors and they are all here for a reason: the regional cybersecurity market is still in the growth phase and is yet to reach saturation.
This is validated by Saurabh Verma, the Associate Director for Digital Transformation Practice at Frost & Sullivan, who finds the current cybersecurity solutions market quite cluttered and highly competitive. “There are numerous technology vendors in this space, and most of them are active in all the major regional markets. The service provider landscape however is a bit different; there are a number of global SI’s, niche security services firms, and local ITS firms / channel partners.”
The cybersecurity market itself is very promising as it is growing at a spectacular rate, valued at $14.48 billion in 2017 and expected to reach $34.6 billion by 2023 by research firm Mordor Intelligence. Gartner expects an increase of 8% in the worldwide security spending, forecasted to reach $96.3 billion this year.
Elie Abouatme, Senior Engagement Manager at Akamai Technologies MEA agrees that SMEs are vital to the regional economy and commends the support that UAE government provides to enable SMEs innovate and grow. “This has made UAE the most lucrative innovation hub in the region, fuelling SME growth in numbers and revenue.”
In most cases, SMEs are restricted by the lack of dedicated security teams and limited budgets. They are further challenged by the changing threat landscape, making them an attractive target for cyber-attacks. Sometimes they are unable to spot the right solutions as many of the advanced and well marketed technologies are focused solely on the enterprise market.
Verma agrees that IT budgets are a key challenge for this segment, followed by lack of technology understanding. “It is also important to note that most SMEs may not have data that is highly sensitive, which they must secure, and this makes the concept of cybersecurity a slightly tougher sell. In general, managed cybersecurity services delivered through a SOC should be more attractive for SMEs; since there is minimal/no capex in tech infrastructure, IT resources, etc. and their infrastructure is still managed in a sophisticated way by a professional services firm.”
As SMEs are rapidly moving to the cloud to stay competitive, they face many challenges. Many must adapt to new, complex regulatory environments. And all SMEs now face an increased volume of attacks—partially because bad actors are automating their attacks to threaten more targets, and partially because criminals know SMEs are often more vulnerable than larger organizations. But all these challenges fall under one problem: SMEs lack the resources to handle these challenges on their own.
“SMEs ought to realize that today’s threats can originate from anywhere, within the data center or the cloud. As users and devices move outside the enterprise perimeter and zone of control, a zero-trust model becomes the optimum protection strategy to abide by. Furthermore, SMEs must choose a solution that suits them today, but also scales to meet their growth in the future,” states Abouatme.
“To defend against creative, high-volume, multi-channel attacks, they require AI platform to process threat data and accelerate detection and response. However, AI platforms are too expensive for SMEs to develop, especially since they face a massive security skills shortage. Simply put— SMEs can’t do it alone,” explains Amit Roy, Executive Vice President & Regional Head EMEA, Paladion.
Dimitris Raekos, General Manager at ESET Middle East adds that it is also important to identify the right set of security solutions within budget. “Amidst restraints, it is important for SMEs to understand that cybersecurity not only depends on the providers they choose to safeguard, but also on themselves. When faced by lack of awareness of the available solutions, it is good to consult specialists. ESET offers solutions that fulfil requirements of SMEs both in terms of advanced security features and cost,” he adds.
In addition to resource challenges, another area of concern is the presence of too many players targeting the mass SME segment causing chaos in terms of selection of technology and services, says Shahnawaz Sheikh, Sales and Channel Director for SonicWall (META & CEE).
He further adds that the fast paced decision making and voluminous consumption of products and services in this segment at times leads to decisions made on overlapping technologies, under or over performing products and delays in execution and commissioning of projects.
Roy adds that the reason why SMEs are being increasingly targeted by cyber criminals is due to lack of sophisticated defense that makes it easy for attackers to achieve their objectives. “To counter this problem, Paladion is now offering its AI-Driven Managed Detection and Response Service in a package tailored for SMEs and the mid-market. This will help SMEs mount sophisticated defense against current cyber threats in an affordable manner,” he explains.
Sheikh further highlights how SonicWall continuously strives to take complexity out of the products at engineering and product management level bringing products that are easy to use and manage. The comprehensive security with end-to-end solution offering from SonicWall helps eliminate overlapping features and functionality, whether it is within internally within the SonicWall offering or externally, he adds.
IT security is critical for any business, irrespective of the size and segment of the organization, which makes SMEs a significant business opportunity for security players. However, they are a bit tricky to deal with, since they are highly price sensitive, and have limited IT budgets. Also, in the absence of a CIO/CSO, most of the decision making is typically done by the owners, who are generally not very tech savvy.
Apart from lack of resources, budgets and skill-sets, the biggest concern with most of the SMEs is that they are not even aware that they require a layer of security to defend their business interests. Few vendors like ESET try to counter this issue by organising specialized events like ‘ESET Security Days’ in all major Middle Eastern cities that offer interactive educational and product related information tailored for SMEs.
Taking the cue from ESET, other vendors and service providers also need to up their game to open up the market by educating SMEs about the need for security and how they can address their security concerns.