November 2021

Analytical Report (full version)

Request cost of the full version of the study: news@json.tv

Analytical Report (full version)

November 2021


November 2021

To register or Log in, to download the file

Download file

+7 926 561 09 80; news@json.tv

Write, call, if you have questions

J’son & Partners Consulting has completed evaluation and forecasting of “traditional” and “cloud” components of global cyber-security market. According to results, the estimated market has reached $29,6 bn in 2020 with 11% YoY growth. It is expected that during the period of 2021-2023 the market will continue to stably grow with 10% CAGR and will exceed $48 bn in 2025, while 5G and MEC bring new capabilities to secure critical industrial applications been deployed in hybrid clouds.




Because of absence of explicit definition of “cyber-security” term, i.e. absence of common unredstanding of ICT-product and technology segments been included into “cyber-security” market, along with traditional focus on estimation of one-time revenues from sales of hardware-dependent products, we have developend and applied original methodology, based on classification of cyber-security products by types of functionality and secured enviroments, as well as models of provisioning, including both one-time sales of hardware and software products and recurrent sales of subscriptions and cloud services.


The following cyber-security functionalities are included into estimation of the market:


- Functions of Firewalls, including exended functions of next-generations firewalls (NGFW) and unified threat management (UTM), among them are:
- application control;
- intrusion detection/prevention systems (IDS/IPS);
- Security Web Gateway (SWG);
- Security Email Gateway (SEG);


- Functions of Web Application Firewalls (WAF), including Anti DDoS;

- Functions of VPN gateways;

- Functions of Data Loss Prevention (DLP);

- Automated functions of Security Operation Center (SOC).


These functions are distributed into two groups of cyber-security by types of secured enviroments (secured objects) in order to correctly segment the estimated market:


- Functions for security of corporate perimeter, i.e. data, applications and user located in the “edge” (within private cloud) – these are mostly NGFW/UTM functions, also part of SWG, SEG and DLP functionality is used to secure end-points. 


- Functions for security of public clouds, i.e. data and applications been deployed in public clouds – these are WAF and Anti-DDoS functions, along with SEG and DLP for secure of applications backend. 


Security of hybrid clouds need both these groups of functions, but without their duplication in private and public parts of a hybrid cloud. Deployment of stand alone 5G access networks and MEC-hosts in nodes of 5G transport networks (in proximity to private clouds) brinds new capabilityes to hybrid model, transforming in into heterogenous end-to-end network-computing slices optimized for broad range of critical industrial  applications. 


Cyber-security market segmentation by functionality related to security of private, public and hybrid ICT-enviroments is used in combination with segmentation by models of security functions provisioning. These models includes “traditional” one, i.e. one-time sales of proprietary soft and hardware, and cloud model, i.e. Security as a Service (SECaaS) – provision of security functions as a service which meets all five essential charactiristics of cloud model as defined by NIST, including “on demand”, rapid elasticity and self-service (fully automated provisioning and service quality assurance). SECaaS can be provisioned directly by vendors of cyber-security functions and by their partners - Managed Security Service Provider (MSSP).


Due to broad use of subscription model by vendors of proprietary hardware-dependent cyber-security products for on-premise installation it is necessary to differentiate “pure” cloud services which meets all five essential characteristics of a cloud, and subscriptions, which can be defined as transitive from “traditional” on-premise model to cloud one.


Along with usual metrics for estimation and forecasting of any market – volume of sales (consumption) of products and services in monetary terms, we applied metrics unusual for markets formed mostly by sales of goods but broadly used for estimation of markets formed by regular sales of services – among these metrics are volume of subscriber base, penetration rate and average revenue per user (company).


The basic source of raw data for this research is publicly available reporting from key vendors and providers of security products and services. Using these raw data we filled quantitative model of the market in order to estimate its dynamics, structure and potential. Summary of results is given below.


Global Cyber-Security market in 2017-2020 


Estimations implemented by J’son & Partners Consulting according the described above methodology show that in 2020 the global cyber-security market has demonstrated 11% of YoY growth and reached $29,6 bln. – refer to Fig 1. 



Some 2/3 of the market is comprised of “on premise” products and subscriptions for secure of corporate perimeter - data and applications in offices and private clouds). Together with SECaaS, consumption of products and services for corporate perimeter security forms the major market segment. It corresponds with distribution of data between corporate perimeter and public clouds. 


In contrast to “traditional” on-premise model of cyber-security functions deployment, SECaaS demonstrate rapid growth with 46% CAGR during the period 2017-2020, partially replacing on-premise deployments.


North America is the leading region by consumption of cyber-security products and services with almost 41% share. In SECaaS consumption share of North America is even higher – 43%.


Forecast of global cyber-security market in 2021-2023 


According to forecast by J’son & Partners Consulting it is expected that estimated global cyber-security market will exceed $48 bln. in 2025, CAGR during the period of 2021-2025 will be 10% - refer to Fig. 2.



SECaaS will be the key driver for the market, its share of total cyber-security market in monetary terms will exceed 60% in 2025, while the volume of SECaaS consumption in 2025 will almost triple compared to 2020.  SECaaS for security of hybrid clouds will be the fastest growing segment with 24% CAGR. 


During 2021-2025 consumption of on-premise products and subscriptions for security of corporate perimeter will be stagnating, while consumption of hardware-dependent products and subscriptions for security of public clouds will fall almost three-fold.


North America will keep its leading position in consumption of cyber-security products and services during 2021-2025. 


In general, during 2021-2025 and above SECaaS segment will be the most attractive both for pure cloud players and for “traditional” vendors aiming to transform their business-model with “cloud-first” approach, while hybrid clouds with MEC will bring new capabilities to secure critical industrial applications.





The detailed results are represented in full version of the report:

«Global cyber-security market»


List of content

5.1. Corporate perimeter security (NGFW/UTM)
5.2. Public cloud security (WAF, Anti-DDoS, SEG, DPL)
5.3. Monitoring and analytics (SOC and SOCaaS)


List of figures

Fig. 1. Classification of cyber-security functions according to OSI model
Fig. 2. Volume, structure and dynamics of global cyber-security market by groups of functions and models of provisioning, fact for 2017-2020, forecast for 2021-2025, mln. USD and %
Fig. 3. Structure of global cyber-security market by models of provisining, fact for 2017-2020, forecast for 2021-2025, mln. USD and %
Fig. 4. Regional structure of global cyber-security market, fact for 2020, forecast for 2025, %
Fig. 5. Volume and dynamics of global SECaaS segment, fact for 2017-2020, forecast for 2021-2025, mln. USD
Fig. 6. Change of functional structure of global SECaaS segment, fact for 2017-2020, forecast for 2021-2025, %
Fig. 7. Dynamics of global SECaaS subscriber base, fact for 2017-2020, forecast for 2021-2025, corporate subscribers (companies)
Fig. 8. Volume and dynamics of ARPU by major groups of SECaaS functionality, fact for 2017-2020, forecast for 2021-2025, USD per month per company
Fig. 9. Penetration level and its dynamics by major groups of SECaaS functionality in USA, fact for 2017-2020, forecast for 2021-2025, % excluding microbusinesses
Fig. 10. Example of cyber-physical system adaptive closed-loop management: cloud IoT-platform integrated with on-premise building automation system
Fig. 11. Scale of global CyberCrime as a Service market
Fig. 12. Distribution of stored data by locations, fact for 2016, forecast for 2021
Fig. 13. Distribution of workloads by models of deployment, fact for 2016, forecast for 2021
Fig. 14. Distribution of corporate data between devices, private and public clouds, estimation for 2020
Fig. 15. Volume, dynamics and structure of on-premise cyber-security products by models of monetization (one-time and recurrent payments), fact for 2017-2020, forecast for 2021-2025, mln. USD and %
Fig. 16. Product and product-service business-models
Fig. 17. 3GPP definition of end-to-end network slice
Fig. 18. End-to-end network slice concept
Fig. 19. Cyber-security in network slice
Fig. 20. Evolution of products for security of corporate perimeter
Fig. 22. Vectors of attacks on applications
Fig. 23. Dynamics and transformation of DDoS attacks during 2019-2020
Fig. 24. Multi-tier architecture of applications

List of tables

Table 1. Volume, dynamics and structure of data-center traffic, fact for 2016, forecast for 2017-2021, Eb per year