There’s a huge security market report by Cybersecurity Ventures out just now (pdf)

It’s ‘cyber’ all around, commercially sponsored (might have some bias), but never the less some interesting stats;

  • Security is a complex market and moves a lot of money – as expected
  • There’s a global raise on money spent on security
  • There are new practices and areas for security to be explored; like insurance, new tools and processes
  • Security as a Service is here and it’s real
  • Everyone’s hiring and there aren’t enough resources to cope with demand
  • Security analytics is on the rise – which brings us to proper intelligence and insights
  • We still blame developers for bad security
  • Everyone is going opensource
  • No one is safe anymore

One thing I find particular interest is the rise of security insurance as a way to force companies to adopt new practices, while keeping themselves secure in order to lower their premiums. Right now web is the main point of entrance for vulnerabilities, but I guess that mobile will be even bigger and will present a huge risk to organisations.

Yes, developers need to have a proper training into security and security people should be on those devops teams from the beginning and not only when something goes live.

Finally, security analytics and intelligence will be the next currency, not exploits or vulnerabilities, but rather trends, future info and retrospectives that can help companies plan and route their way into a better security world.