Worldwide security software revenue totalled $19.9 billion in 2013, a 4.9% increase from 2012 revenue of $19.0 billion, according to Gartner. The lower-than-expected growth was due to commoditisation of key subsegments and the decline in growth for two of the top five vendors.
'The market experienced slower, but still healthy, growth in 2013. This slightly tempered growth was partly due to the increased commoditisation of the endpoint security (particularly consumer endpoint software) and secure email gateway (SEG) subsegments (particularly consumer endpoint software) that in 2013 accounted for around 25% of the total security software market,' said Ruggero Contu, research director at Gartner.
> See also: Rethinking security for a software-defined world
'Overall, the larger trend that emerged in 2013 was that of the democratisation of security threats, driven by the easy availability of malicious software and infrastructure (via the underground economy) that can be used to launch advanced targeted attacks.This ubiquity of security threats has led organisations to realise that traditional security approaches have gaps, thereby leading them to rethink and invest more in security technology,' said Mr Contu.
'The consequent involvement of the business in security purchase decisions has both a positive and negative effect on software vendor revenue. With every company becoming a technology company, more organisations are now looking to leverage a multitude of data points to become more competitive. This desire to become more digital brings with it its own challenges in terms of securing this data to prevent data breaches and to protect against advanced targeted attacks.'
Although the top two vendors remained the same as last year (Symantec in first place, McAfee in second place), IBM took third place this year, displacing Trend Micro, which dropped to fourth place, although by a small margin. The top four vendors now account for 39% of the total security software market. This is the first time in many years that a broad portfolio vendor such as IBM (that is, not a pure-play security vendor) has been able to enter the top three.
From a regional perspective, the top three regions ranked by year-over-year growth were Emerging Asia/Pacific (12.8%), Greater China (11%) and Eurasia (9.3%). There are many factors in regards to the high growth in these regions — fast-growing regions start off from a smaller base when compared with more mature markets; some of these regions have a strong presence of local or regional vendors, which has presented unique challenges to established vendors as they plan their go-to-market strategies for these regions, particularly Greater China; the good growth in China's consumer security market is primarily due to the inclusion of advertising revenue sold through free endpoint security software, which is a popular revenue generating method for vendors in the China market.
The three largest regions (North America, Western Europe and Mature Asia/Pacific) accounted for 83% of the total security software market in 2013, but displayed a cumulative growth of 4.1%, which is slightly below the market average of 4.9%.
'The slower-than-average growth for security software in mature markets is due to the saturation of key segments of the technology market and the highly competitive nature of security deals, driven by an expansion of vendor capabilities into adjacent areas and the continuation of mergers and acquisitions,' said Mr Contu.
'Additionally, the high penetration rate of consolidated and mature technology areas such as consumer security software, endpoint protection and secure email gateway, has resulted in increased pricing pressure, along with the bundling of capabilities in suite offerings in the identity and access management space (user provisioning and web access management), which leads to a slowdown in discrete new license revenue.'