What Is A Cybersecurity Company?
And Does It Matter?
When I talk to many buyers (aka Chief Information Security Officers, or CISOs), there is a tendency to prefer “cybersecurity companies” over “non-cybersecurity companies”. What makes a company a “cybersecurity company”, and do buyers really prefer these companies?
What Is a “Cybersecurity Company”?
There are lots and lots of vendors selling security products and services. For good reason. I support having lots of vendors selling security products — it promotes competition, allows for niche problems to have niche solutions, and enables international solutions to international problems.
If it was just about selling cybersecurity products, it would be easy to designate a company as “cyber” based on some measurement of sales. Companies like IBM, Microsoft, or Cisco would be market leaders. But these companies rose from non-cybersecurity beginnings, and are not considered to be “cybersecurity companies” by CISOs, even as CISOs buy their products in the millions of dollars.
“Cybersecurity” companies, then, are companies whose first product was designed to solve a cybersecurity or information security problem, the primary buyer being the security team, not other parts of IT or the business.