Cyber security to the United States

Trends and opportunities

The market

Cyber security is the fastest growing technology sector and has implications across all parts of the global economy. While many technologies are in demand for their ability to reduce inefficiencies and increase productivity, the growth in demand for cyber security technologies is a direct response to an increase in cybercrime. Globally, cybercrime cost almost US$500 billion in 2015, and that price is steadily rising.

Governments, businesses and consumers are all under attack, and the cyber security sector is focused on preventing attacks, protection during attacks, mitigating damage and recovering loss after cybercrime activity.

The global cyber security market was valued at US$75 billion in 2015, and United States (US) research and advisory firm Gartner projects a 4.7 per cent increase in global cyber security spending in 2016.  The US accounts for almost 40 per cent of the global market, with four of the top five global cyber security companies headquartered in the US (Symantec, Intel Security, IBM Security, and Dell EMC).

As cyber attacks become more sophisticated, the cyber security industry has to protect more than the traditional network and software perimeters. For example, the recent DDoS attack on internet traffic company Dyn was initiated through Internet of Things (IoT) devices, such as DVRs, printers, etc. The attack crippled major companies from Netflix to Twitter and Amazon, taking them offline for hours at a time. The attack showed the very real threat of unprotected devices in the growing IoT industry.

Australia is well-placed to be a world leader in cyber security, ranking equal third, behind the US and Canada, in the ITU – Global Cybersecurity Index and Cyberwellness Profiles 2015. The index by which the countries are ranked is composite of five individual areas of cyber security focus: legal measures, technical measures, organisational measures, capacity building and international co-operation.

Gartner also forecast the Australian cyber security market to grow nearly twice as fast – at 7.5 per cent, to reach US$2.6 billion by the end of 2016 (Source: 2015 CSO Cyber Security Business Report, and Gartner Report ‘Forecast Analysis: Information Security, Worldwide, 2Q15 Update.’)

Opportunities

For cyber security companies coming to the US, the opportunities to find partnerships, collaboration, investment and customers are substantial.

As the cyber security market becomes increasingly fragmented, the main opportunities exist across four verticals: government/defence, financial services, healthcare, and critical infrastructure.

The US Government’s initiative to improve cyber security for critical infrastructure has made the federal government the biggest spender and funder of cyber security in the country, with US$19 billion budgeted for 2017.

The 2015 US financial services cyber security market was valued at US$9.5 billion, making it the largest non-government cyber security market. It is expected to exceed US$68 billion from 2016 to 2020 (cumulative).

The overall impact of cyberattacks on hospitals and healthcare systems is estimated to be nearly US$6 billion per year. In order to combat this massive cost, the healthcare cyber security market is projected to exceed US$10.85 billion globally by 2022.

Cyber-attacks on critical infrastructure are seen as one of the greatest threats. Cyber security spending for critical infrastructure protection is estimated to reach US$109 billion globally by 2020.

The capital spent on cyber security across these industries is staggering and points to the sheer size and opportunity for companies entering the US market.

Competitive environment

The US cyber security industry is concentrated in five clusters:

  1. The San Francisco Bay Area is primarily focused on the technology sector
  2. DMV (Washington DC, Maryland and Virginia) is primarily focused on the defence and government sectors.
  3. Massachusetts (Boston) is primarily focused on the healthcare sector.
  4. The New York Tri-State Area (New York, New Jersey, and Connecticut) is primarily focused on the financial services sector.
  5. The San Antonio- Austin Corridor is primarily focused on the defence and infrastructure sectors.

Sixty-three of Cyber Security Ventures ‘Top 100 Hottest and Most Innovative Cyber Security Companies’ in the world are located within those five clusters. Israel and the United Kingdom have the next most companies in the top 100 with nine each. Australia has one company in the top 100.

There are also emerging clusters in Atlanta, Chicago, Colorado (Boulder and Denver), Dallas, Houston, North Carolina (Raleigh- Durham- Chapel Hill), Pittsburgh, Seattle, Southern California (Los Angeles and San Diego) and Tulsa. Most of these are tied to strong research institutions or defence ties. 

For more information about the US clusters please read Austrade’s US Cyber Security Cluster Report

While the US cyber security opportunity is rich, it is challenging for niche and poorly-integrated solutions to gain traction in the lucrative market. Gartner projects a strong consolidation of security offerings in the market, therefore it is important for companies entering the space to have a product offering that easily integrates with existing systems (Source: Gartner Report ‘Forecast Analysis: Information Security, Worldwide, 2Q15 Update.’)

Tariffs, regulations and customs

In order to conduct temporary business in the United States, for example business meetings and consultations, attending conventions and conferences, or negotiating contracts, individuals need a visitor visas unless they qualify for entry under the Visa Waiver Program. Visitor visas are non-immigrant visas for persons who want to enter the United States temporarily for business (visa category B-1), tourism, pleasure or visiting (visa category B-2), or a combination of both purposes (B-1/B-2). Find out more about the visitor visa application.

Marketing your products and services

Market entry

The US market is the most competitive in the world and attracts ambitious companies and entrepreneurs from domestic and international markets. A competitive, well-formulated market strategy is essential and companies need to spend time and money understanding the market, their end user customers, their competitive position and their partnering approach to make market entry work.

See Austrade's International Readiness Indicator for new exporters

There are over 200 Australian information, communication and technology companies with a presence on the ground in the US. Most establish a sales and marketing operation in the US and leave research and development and support in Australia. However, a considerable investment is required to establish a US presence. Before establishing a presence, it is wise to have analysed US market potential and engage consultants or other advisers to assist with partner and customer introductions and sales and marketing planning.

There are also a number of incubators and accelerators in the US that offer partnerships and a soft landing into the United States market. There are cyber security specific accelerators, for example the University of Maryland in Baltimore hosts a Cyber Incubator. The US Department of Defence also funds an accelerator (DIUx) for innovative technologies for cyber security companies looking to target the defence industry.

Additionally, there is the Australian Government Landing Pad in San Francisco that was established as part of the National Innovation and Science Agenda. Find out more information on the San Francisco Landing Pad.

Links and industry contacts

Cloud Security Alliance
Cyber Security Ventures
International Information Systems Security Certification Consortium (ISC)2
National Cybersecurity Alliance
National Institute of Standards and Technology
U.S. Customs and Border Protection
Women in Privacy and Security (WISP)

Please note: This list of websites and resources is not definitive. Inclusion in this list does not imply endorsement by Austrade. The information provided is a guide only. The content is for information and carries no warranty; as such, the addressee must exercise their own discretion in its use. Australia’s anti-bribery laws apply overseas and Austrade will not provide business related services to any party who breaches the law and will report credible evidence of any breach. For further information, please see foreign bribery information and awareness pack.

Contact details

The Australian Trade and Investment Commission – Austrade – contributes to Australia's economic prosperity by helping Australian businesses, education institutions, tourism operators, governments and citizens as they:

  • develop international markets
  • win productive foreign direct investment
  • promote international education
  • strengthen Australia's tourism industry
  • seek consular and passport services.

Working in partnership with Australian state and territory governments, Austrade provides information and advice that can help Australian companies reduce the time, cost and risk of exporting. We also administer the Export Market Development Grant Scheme and offer a range of services to Australian exporters in growth and emerging markets.