Markets and Competition

Overview

THE PRESENT MARKET

The global cloud services market in 2014 was approximately $150B. Global cyber security expenditures during that same time period were about $95B. Cloud services are driven by clear and fundamentally accepted ROI metrics. At this time, cyber security expenditures have no such metrics and are hampered by stiff resistance caused by lack of information and confusion within both business and IT leadership circles. Despite this, security problems are becoming so severe and the threats so great, that expenditures for cyber security solutions are about to explode and will subsume those for cloud services.

________________________________________________

Estimates vary, but global information security expenditures rose in 2014 to between $71.1B (a 7.9% increase over 2013, according to Gartner) and $95.6B (a 10.3% increase over 2013, according to MarketsandMarkets). These numbers are expected to continue to climb by at least 10% per year as security breaches increase in frequency.[See References below.]

"Cyber Security is projected to be among the fastest growing segments of the Information Technology (IT) sector in the next 3 to 5 years, with significant potential investments from companies to secure their computing environment," according to research by MarketsandMarkets.

To attempt to come to grips with the enormity of the security problem, the Dell Technology Adoption Index reports information from its recent global survey of IT leaders and employees at more than 2,000 companies in 19 industries and 11 countries. Conducted in 2014, the report states that "It is hard to overstate the importance of security these days. Threats continue to proliferate, with attacks now averaging nearly 120,000 per day, resulting in an average loss of $2.7 million each."[See References below.]

TARGET MARKETS: CUSTOMERS/USERS

Data1Qbit's mission is to collect all possible data related to vendors and products in the cyber security industry and then package and sell that data in multiple ways, including through our flagship product VAaaS (Vendor Assessment as a Service). The target markets for that data are quite extensive. They are outlined in detail in the pro-forma.[See "Confidential Documents" section of this business plan.]

A profile of our target markets can be broken into ten key customer/user segments. The descriptions and sizes of each of these market segments are detailed below.

Business and IT professionals involved in making cyber security decisions and product purchases
Consultants advising buyers of IT security products
Analysts serving investors and stakeholders in IT security companies
Investors and financiers of IT security companies
Friendly governments and security agencies
Government, military, cyber security and law enforcement agencies, and IT procurement specialists
Think tanks
Cyber security product vendors
Cyber security insurance underwriters and product developers at insurance companies, large enterprises, and municipalities
Risk managers, auditors and analysts

Business and IT professionals involved in making cyber security decisions and product purchases
- Business owners and corporate officers: CEOs, COOs, CFOs. (According to Dun & Bradstreet, there were 23 million businesses registered with them in 2014.)
- CTOs, CIOs, CISOs (Chief Information Security Officer), and other IT professionals involved in cyber security decisions. (According to Frost & Sullivan, this number was 3.6 million in 2014.) [See References below.]
- Corporate procurement/vendor assessment officers. (According to the U.S. Department of Labor's Bureau of Labor Statistics, this number was 72,200 in 2012.) [See References below.]
Consultants advising buyers of IT security products
- IT security consultants. (According to LinkedIn, there were 7,488 listed in 2014; for the broader term of "IT Consultant" there were 288,963.)
- VARs (value-added resellers) and IT integrators are specialized consultants and vendor relationship managers. Although there are no specific numbers available for the size of this market segment, VAR growth is expanding”especially with regard to the high-demand area of cloud migration. [See References below.]
- General business and BPM (business process management) consultants. (According to an article in "Businessweek," this number was 400,000 in 2011. There were 279,000 self-identified business consultants in LI in 2014.). [See References below.]
Analysts serving investors and stakeholders in IT security companies. This would include analysts working for large investment institutions, as well as private wealth management advisories. (According to the U.S. Department of Labor's Bureau of Labor Statistics, this number was 253,000 in 2012.)
Investors and financiers of IT security companies: Angels, VCs, private equity, investment bankers, private offices and corporate venture capital. (Specific numbers are not available; however, reported investment amounts”$1.7 billion invested in 2013, according to "Cybersecurity Industry Report, 2014" [see References below] are quite significant and indicative of interest in the space.
Friendly governments and security agencies. Cyber security is a global threat and our data is a global solution. Worldwide, governments are the largest consumers of IT products, and they have some of the largest exposures to attack. As our database on cyber security companies, the products they produce, and other associated information grows, it will be of great value to governments all over the world.
Government, military, cyber security and law enforcement agencies, and IT procurement specialists. Law enforcement agencies in the U.S. and globally are on the frontlines of the battle against the opportunists, cyber criminals and rogue governments that are attacking our IT infrastructure and assets. These agencies are woefully out-gunned and desperately need tools to not only protect their assets but to understand the threats. (According to the federal government, there are approximately 2,000 federal agencies, many of which have counterparts at the local level. Specific job data are not available.) The military is engaged in a major cyber sec ramp-up. [See References below]
Think tanks (aka policy institutes or research institutes). According to Wikipedia, there are more than 6,800 think tanks globally, and they are usually closely allied with government and business leadership and influencers. The global cyber security threat is such that think tanks are being called upon to help formulate policy and suggest response mechanisms. Think tanks, just like all other organizations, need the type of data we collect in order to help them perform their work.
Cyber security product vendors. By the end of 2014, there were approximately 2,000 U.S.-based cyber security product manufacturers. Depending upon how cyber security product categories are defined, there are between 75 and 100 separate categories”such as firewalls, encryption, wireless network protection, intrusion detection, data loss prevention, etc. A drill-down into each category reveals thousands of products presently offered for sale by cyber security vendors.
Cyber security insurance underwriters and product developers at insurance companies, large enterprises, and municipalities. Cyber risk insurance represents a relatively new, but rapidly accelerating, share of the overall insurance market. According to "The Washington Post," companies in the U.S. paid $2 billion in cyber security insurance premiums in 2014. This represents a 67% increase over premiums paid in 2013. [See References below.]
Risk managers, auditors and analysts. Cyber risk is a rapidly evolving and growing component of the overall field of risk management. Continuous breaches, in conjunction with government regulation, litigation, enterprise management of third-party vendors, and cyber insurance policy compliance are rapidly forcing the risk management industry to re-vamp and focus more resources on cyber risk. This is an industry with tens of thousands of participants who will require tools and data to support their efforts.

SUMMARY OF TARGET MARKETS

The enormity of the first category of customers/users business owners and C-suite executives of firms large enough and serious enough about their businesses to register with D&B seems somewhat staggering at first glance. However, because the threat of cyber security is real and growing exponentially, the necessity of acquiring effective cyber security protection is fast becoming a business imperative.

For this reason, plus the fact that the VAaaS product is designed for general business users as well as IT users, we are confident in targeting both of these categories of users. Our marketing plan included in the "Sales and Marketing" section of this business plan addresses the multitude of channels we intend to employ in order to reach each of our target markets.

Target Markets Near-term

Our planning, as expressed in the pro-forma, shows that our near-term target markets include:

Business and IT professionals involved in making cyber security decisions and product purchases
Consultants advising buyers of IT security products
Cyber security insurance underwriters and product developers at insurance companies, large enterprises, and municipalities
Risk managers, auditors and analysts
Cyber security product vendors
Government, military, cyber security and law enforcement agencies, and IT procurement specialists
Analysts serving investors and stakeholders in IT security companies

Target Markets Long-term

Target markets beyond January 2018 include:

Investors and financiers of IT security companies
Think tanks
Friendly governments and security agencies
Consulting clients
DaaS (data-as-a-service) clients
Affiliate partners
Platform partners
Additional business domain partners

BENEFITS TO CUSTOMERS/USERS

The VAaaS tool is designed to help our customers locate, assess, and acquire the cyber security products and information they need in the most efficient, cost-effective manner possible. It is a game-changer because it brings full transparency to the vendor selection process for the first time. This is a huge and welcome benefit to our target market sectors. The following are VAaaS benefits enumerated by types of customers/users.

Business and IT professionals involved in making cyber security decisions and product purchases

Lower the costs of product acquisition and ownership by accurately comparing offerings and be in a position to negotiate better, more favorable terms.
Lower vendor assessment costs via increased staff productivity. Staff spends less time collecting and analyzing information because VAaaS enables faster, more thorough analysis.
Eliminate vendor bias and sole reliance on vendor-supplied information. VAaaS levels the playing field between buyers and vendors by providing access to information that facilitates comparison.
Utilize a tool designed for interface with both business and IT professionals. VAaaS offers distinct, easy-to-follow pathways for each type of user.
Stay up-to-date on vendors and products via news alerts and feeds on companies and products of interest.
Use the VAaaS sentiment indicators to learn whether other customers love or hate a vendor and/or product.

Consultants advising buyers of IT security products

Provide clients with up-to-date vendor options that match their specific requirements.
Minimize research time by employing the VAaaS database to quickly and efficiently segment, match, and select appropriate vendors and products for clients.
Compare your proprietary offerings with those in the VAaaS database in order to establish efficacy and make modifications when necessary.
Provide full-spectrum data and support for clients requiring new vendor options and installation.

Analysts serving investors and stakeholders in IT security companies

Take advantage of the robust search capability of a database containing all IT security product companies, organized by product segment, and utilize up-to-date reports on individual markets.
Access detailed financial, legal, and other pertinent information (including market buzz) about companies you are following.

Investors and financiers of IT security companies

Utilize the continuously updated VAaaS database to compile financial, legal, and other critical information about cyber security companies.
Quickly compare and analyze information about how the market is responding to a particular company or product.
Make more informed decisions regarding your allocation of resources.

Friendly governments and security agencies

Acquire and be able to share critical information about cyber security applications, both offensive and defensive.
Stay abreast of rapidly evolving products and services that are being effectively deployed to attack and defend security networks and government infrastructures worldwide, and become aware of those that have failed or proved ineffective.

Government, military, cyber security and law enforcement agencies, and IT procurement specialists

Streamline procedures and improve efficiency by radically cutting research time when vetting government vendors.
Free agencies and departments from vendor bias by utilizing third-party neutral, real-time data for vendor assessments and comparisons.
Utilize a secure database to perform vendor assessments and acquire critical cyber security data and reports specific to government agency operations.

Think tanks

Stay abreast of cyber security company and product trends in order to help inform and educate government and enterprise leaders via trusted, established channels and relationships.
Utilize our database to understand the full spectrum of offensive and defensive cyber security products on the market and up-to-the minute trends related to global product usage and efficacy.
Utilize our data streams and custom reports to help clients develop and disseminate information about various cyber security strategies.

Cyber security product vendors

Utilize the database to stay informed about competitors product offerings.
Ensure accuracy of company data and utilize our (vetted) vendor-update process, when necessary.
Stay abreast of market sentiment about your products and services and be able to quickly respond accordingly.

Cyber security insurance underwriters and product developers at insurance companies, large enterprises, and municipalities

Ensure acceptable levels of risk for writing cyber security insurance coverage.
Perform thorough, reliable risk assessments on third-party vendors.
Refer clients to preferred vendors for each category of cyber security products and services.
Become more competitive by offering stronger, more comprehensive cyber insurance policies.

Risk managers, auditors and analysts

Monitor risk performance of cyber security companies and products for client networks and their intellectual property assets.
Stay on top of constantly evolving defensive and offensive products used to attack and defend client networks and infrastructure.
Provide clients with up-to-date vendor risk options that match their specific requirements.
Minimize research time by employing the VAaaS database to quickly and efficiently select and recommend appropriate vendors and products, based upon pre-defined risk profiles.

COMPETITION ANALYSIS

The generally accepted methodology for performing a vendor assessment involves the matching of applicable requirements with potential products and product features, followed by a funneling process that enables further analysis and vetting. This is considered to be the gold standard for performing vendor assessments and, to date, there is no competitor to VAaaS.

Our competition analysis revealed many companies offering consulting services and vendor management software. None, however, were third-party or vendor-neutral; that is, none offered the opportunity to search a vendor database that included all of the vendors and products in a particular industry or product niche, plus other pertinent data such as financial health and market sentiment. The reason for this is that the existing offerings are vendor-driven or reflect vendor bias on the part of the companies or consultants. Of course, this reflects the reality that companies are directly selling either their own or other vendors products.

Methodology

Our competition analysis began with internet keyword searches, starting with the broadest terms and then narrowing to "cyber security" and "cyber insurance risk." The search terms used were:

Vendor assessment	Supplier assessment
Vendor assessment software	Supplier assessment software
Vendor assessment tool	Supplier assessment tool
Vendor risk management	Supplier risk management
Vendor management software product	IT Procurement
Cyber security product comparison	IT Security product comparison
Cyber insurance report	Cyber insurance risk

We found approximately eighty companies in the space. Most are consulting firms focused on vendor management and acquisition of software and services. Many are multi-purpose firms offering business intelligence services, and quite a few focus on specific industries such as financial institutions or healthcare. [See "Confidential Documents" section of this business plan.]

A few companies stand out in regard to the quality of their analysis and reporting on the cyber security space, such as Gartner, IDC, and Forrester. The closest competitor with an online application capable of searching for cyber security vendors is Capterra, which features 300 different industry categories, one of which is called "computer security." Within this category are listed a hundred or so cyber security companies with very limited, vendor supplied information.

Competitive Advantage

In comparing our SaaS application to the current market, we could find no other companies focued exclusively on cyber security, and none that collect as much information of varying types and degrees about the companies and products within a particular silo (such as firewalls within cyber security). The offerings currently available universally operate at a low level of data collection both in quantity and sophistication.

What we intend to do is employ grand-scale data gathering techniques that will allow us to help companies and governments solve the very real problem of how to protect themselves in a deteriorating cyber security environment.