With the increasing reliance on technology and the proliferation of data, investing in cybersecurity is not only a necessity but a strategic imperative for businesses and governments alike. And in this race, the United States is significantly ahead of Europe.
The United States invests twice as much as Europe in cybersecurity, with approximately $100 billion in the United States spent compared to $50 billion in Europe, and $200 billion worldwide. Another way to look at it: Europe would need to spend an additional $25 billion to create a market similar in size to its own. Specifically, French companies would need to increase their spend by 60% — an additional $4 billion — to catch up with the United States.
This spending discrepancy only represents the visible portion of the iceberg. The unseen is significantly larger. Cybersecurity lies at the heart of the trust needed for the broader digital economy. To bridge this gap, it is essential for European businesses and governments to stimulate demand, encourage a culture that is more accepting of risk, and cultivate a cybersecurity industry by using incentives rather than deterrents.
The case for more private and public funding for cybersecurity
Private investment in cybersecurity is eight times higher in the United States than in Europe. Out of the 15 top global investors in the sector, 87% are American funds.
One of the challenges is that Europe's cybersecurity landscape is characterized by a scarcity of large-scale specialist firms. There are only 25 cybersecurity companies with revenues exceeding $75 million, excluding those IT enterprises that have diversified into cybersecurity. The good news is that half of these firms are growing by more than 15% per year. Players with revenues of over $300 million now account for 67% of the market, compared with 40% in 2017.
However, the shortage of large, specialized companies indicates a relatively narrow base of heavyweight players in the European cybersecurity sector. This could suggest limitations in the region's capacity to foster and scale specialist cybersecurity firms independently.
Despite the critical importance of cybersecurity in safeguarding digital infrastructure, the sector receives a modest fraction of European public funding. Investments in cybersecurity represent a mere 1% of the total funds allocated to the Horizon Europe and Digital Europe programs. This level of investment may not be commensurate with the growing challenges and threats in the digital realm, potentially hindering the development and reinforcement of Europe's digital defenses.
Fostering a thriving cyber ecosystem in Europe
There is an urgent need to foster a thriving cyber ecosystem in Europe. Here are key steps to achieve this:
Stimulate demand in cybersecurity
Act on different levers, including increasing awareness of cyber risk, moving cyber from a tech niche to a much more mass-market subject, democratizing the sector, fostering better innovation and quality, evolving from a spirit of regulation to a spirit of entrepreneurship and innovation, and creating a public sector obligation to spend on European tech and cyber leaders.
Increase scale and profitability of cybersecurity companies
Prune cumbersome regulations in Europe, favor increased fluidity between markets, and develop private equity funds with the specialized technical skills to guide start-ups and encourage start-ups to cross the Atlantic.
Move cyber education to the center of the European agenda
Foster the development of private initiatives on education.