The market for industrial cybersecurity products in most industries and regions is predicted to track the growth rate of capital expenditure, creating investment in cybersecurity hardware/software and services. The total market for industrial cybersecurity products reached $782 million in 2015 and is expected to grow at a compound annual growth rate (CAGR) of 18.8 percent to reach $1.8 billion in 2020, according to the latest Industrial Cybersecurity report from IHS Technology.
While the oil and gas sector is an important consumer of industrial cybersecurity hardware, software and services, capital expenditure has been curtailed by the decline in oil prices and the related plunge in oil company revenues. The substantial global reduction in oil revenue may tend to devalue the production assets themselves, even undermining the business case for further security protection.
In spite of this situation, regulation and the threat of further legislation have served to support the case for investment. In a strategically critical sector, the oil and gas infrastructure should be one of the most secure; however, many of its systems are poorly protected against cyber threats. At best they are secured with IT solutions that are not well adapted to supervisory control and data acquisition (SCADA) and other legacy control systems. Aging legacy control systems from diverse suppliers, and the geographic dispersion of assets, present challenges to operators for even routine measures, like installing software upgrades.
Meanwhile, the number and sophistication of industrial cybersecurity attacks is increasing and raising the likelihood of serious intrusion and loss. Middle-Eastern oil producers have previously been targeted, and they are now responding by securing their assets under the guidance of legislation, including new laws covering critical infrastructure for Oman, United Arab Emirates (U.A.E.), Qatar and Malaysia. Critical infrastructure includes assets in the oil and gas, power generation, water and wastewater and petrochemical refining industries. Qatar and Bahrain have draft laws on computer crimes under consideration, while Saudi Arabia and Oman already have cybersecurity legislation in place. The Qatari government is investing in a comprehensive infrastructure programme and has already implemented a National Shield Project. Qatar is now aiming to lead the way in developing and employing cybersecurity protection that will likely extend to its industrial base.
Developments in the world of industrial control — including the industrial internet of things (IIOT), cloud-based services, as well as Industrie 4.0 and other developments in the world of automation — have also focused attention on cybersecurity. The roll-out speed of this technology may depend on users confidence in its security (i.e. if the benefits will be outweighed by an increase in vulnerability).
The lack of people with cybersecurity skills has also become a major issue, which is why the market for provided services is becoming one of the fastest growing segments in the total automation market. However, while companies want suppliers to take care of cybersecurity issues, suppliers do not always have sufficient people trained to do it. In fact, many control engineers are reluctant to become cybersecurity experts, and IT people who are proficient are being absorbed by governments and the military.
Cybersecurity salaries are increasing rapidly, which may provide an incentive for more people to obtain the appropriate training. The current lack of in-house skills is helping to drive growth in service provisioning from external sources, at least until the skill gap is closed. While still a small part of the total market, IHS predicts strong growth in the number of training providers, along with increasing revenue in this sector.