In 2012, I sensed the Internet’s “democratization” effect was reaching cyber risk, such that a massive increase in cyber crime was not far away. Cyber risk, once exclusively a concern for institutions and large organizations, was going mainstream, and no one was prepared. As a Senior Banker at a prestigious private bank providing ultra-high-net-worth individuals and families with a broad range of risk-management counsel, I created a presentation titled “The New Face of Risk” to inform and prepare my most important clients for the coming long-term shifts in cyber risk and crime.
In 2013, encouraged by family and friends, I resigned from my successful 25-year career in financial services to form and launch Total Digital Security Corporation (TDS.) TDS was to be the vehicle to research and discover business opportunities that would unfold as a result of the forthcoming changes in the nature of cyber risk and crime around the world.
By 2014, I became convinced that TDS could build a multi-sided platform business that would serve the needs of the cybersecurity solutions provider industry, consumers, and all stakeholders in the new risk. I spent 2015 and 2016 “in the field” seeking experiential knowledge and devising a primitive version of a software platform to gather data and intelligence, and clarifying my vision for the design of a next-generation platform business to serve new markets in the cybersecurity industry.
The democratizing effect of the Internet enables anyone to be a professional cybercriminal and exposes everyone to be a potential victim of cybercrime. Historically, cyber risk was faced by large organizations and perpetrated by sophisticated hackers. Attacks were motivated by theft of intellectual property, cyber espionage, hacktivism, and cyber warfare, and were targeted at computer mainframes and servers operated by IT technicians. The Internet’s “democratizing” effect has shifted cyber risk to individuals and personal technology devices, attacks are increasingly perpetrated using rented hacking software, and the predominance of motivations are for profit including ID theft, financial fraud, and extortion.
" ... the time has arrived to call on the world’s governments to implement international rules to protect the civilian use of the internet."
The Need for a Digital Geneva Convention - Microsoft CLO Brad Smith, Feb, 14th, 2017
While the Internet was democratizing cyber risk, it was “commoditizing” solutions. Cybersecurity technology solutions that are commercial-grade and considered "the real thing" once required expensive user-owned hardware and local IT expertise and were designed for large groups of users. Advanced software, “smart” systems, collaborative intelligence and Internet clouds are rapidly replacing the need for local hardware and onsite technical personnel. Increasingly, offsite systems are used remotely to monitor and manage cyber risk “as-a-service” protecting computer devices for multiple individuals and customer groups of all sizes at a time.
The corresponding dynamics between drivers of cyber risk and cybersecurity solutions led to a strategic focus for TDS: provide the growing industry with an internet platform to match the two sides; emerging consumer demand for solutions, and innovation in such solutions.
The platform I imagined would serve the industry as a market aggregator, intermediary, and matchmaker for producers and consumers of cybersecurity products and services. TDS, as the platform’s owner and manager, would seek to build value across the ecosystem by acting as steward to increase transparency between sides, cultivate user communities, maintain quality standards, minimize platform congestion, and provide accurate and up to date market data. In addition to the value of feedback loops between sides, all platform participants benefit from superior marginal economics of production and distribution inherent in a multi-sided platform business model. Additionally, multi-sided platforms have proven to act as industry catalysts across a broad class of businesses to increase and stimulate exchange by coordinating demand.
Since 2014, TDS has collected data, experiential knowledge, and strategic insights that are vital to stimulating and growing demand from the consumer side of the cybersecurity market. Operating experience and data collection have informed TDS sufficiently to determine core software architecture and design elements for its platform and marketing strategy.
New Consumers
The current state of cyber risk and its effect on consumers is well reported. Drivers include powerful, emerging long-term trends, including:
- High criminal profit motive and digital currencies.
- The emergence of “cybercrime-as-a-service” software enabling anyone to commit a cybercrime for profit from anywhere at anytime.[1]
- Increasing rates of incidents and proximity to end-user consumers are advancing "relevance."
- Media heightened awareness.
- Increasing regulatory pressure across economic sectors.
- The Internet of Things and smart home environments.[2]
- Public sector advocacy - Federal and local governments are increasingly recognizing cyber risk as a predominant threat to economic stability, security, and personal safety.[3]
The pressures driving these trends are mounting at a rate faster than the consumer market’s response, creating a condition of pent-up need. TDS will leverage its proprietary data and insights gained from its engagement with the new class of cybersecurity customers to market and brand the company as the “go-to” resource for managing and mitigating all elements of cyber risk, personally and professionally.
[1] “Ransomware for Dummies: Anyone Can Do It” Krebs on Security Mar. 1, 2017.
[2] FTC Report on Internet of Things – Privacy & Security in a Connected World, January 2015.
[3] Report on Security and Growing the Digital Economy - NIST’s Commission on Enhancing National Cybersecurity, Dec. 2016.
New Producers
From the producer’s side of the cybersecurity industry, the next-generation of providers is robust and energized by new technologies in cloud-based architecture, powerful software, and aggressive capital.
"Given the rising quantity and severity of cyber attacks, cybersecurity continues to be one of the hottest tech sectors in recent history. As companies and governments look to better secure their networks, data, and devices, investors have been making more deals to private cybersecurity companies than ever before.
Cybersecurity deals hit an all-time quarterly high of 146 deals in Q1’17, up 26% from the previous quarterly high. The trend held through Q2’17, which saw just one fewer deal (145 total) compared to Q1’17.
The amount of disclosed equity funding to cybersecurity companies has also recently broken records, reaching an all-time quarterly high of $1.6B in Q2’17." CB Insights, August 2017.
The following graphs by CB Insights illustrate venture capital financing activity in cybersecurity since 2012:
“Cybersecurity Financing History” - CB Insights, 2017
Smart, informed capital is disrupting the cybersecurity industry with new solutions for cyber risk management and mitigation. Innovation taking place is aligned with attributes required for a scalable two-sided platform business model including:
- Elimination of hardware requirements – software and clouds are replacing servers, blades, and cables.
- Off-site operation with remote management – shared services are replacing the IT department.
- Real-time management for pre-emptive defenses, heuristics, and use of collaborative intelligence.
- Applying advanced software capabilities including machine learning and Big Data for increased efficacy, and artificial intelligence for end-user simplicity and custom-er support.
Cybersecurity product cycles are shortening due to rapid innovation and adoption of powerful new technologies in the industry. After decades of exponential progression, product advancement is less a difference in degree than a new product altogether, and consistent with digital technology, prices for solutions and products are declining and driving consumer value. [5] An intermediary demand-aggregating platform serves both the cybersecurity industry’s producers and its consumers by providing current market information and data, facilitating exchanges, and sharing the superior marginal economics of production and distribution inherent in multi-sided platform businesses.[6]
[4] CB Insights Cybersecurity Trends, February 2017
[5] “Of Hellabytes and Recombinant Innovation: The Second Machine Age.” – By Andrew McAfee, Feb.12th, 2014.
[6] “The Antitrust Analysis of Multi-Sided Platform Businesses” – by Evans and Schmalensee, University of Chicago Law School, 2012.
Matching New Participants in Cybersecurity
TDS has been creating new customers for the cybersecurity industry since 2014 by operating “in the field” at the intersection of individuals, their personal technology, and the new cyber risks at hand. Over this 3+ year period, TDS has purposefully and methodically collected and analyzed extensive data pertaining to the new class of cybersecurity consumers and producers, and sufficiently organized and analyzed results to garner rich insights and preliminary views of platform architecture and core software design.
Company management has identified key early-adopting consumer personas, industries, and economic segments, and has come to understand the variables required to present products and services in a fashion that drives new demand. From the producers of cybersecurity products and services, TDS has identified protection technologies that are affordable and easy to use while providing substantial risk mitigation for users regardless of location or device-type.
The attributes of a multi-sided software platform serve all stakeholders of cyber risk by stabilizing the relationships between multiple parties and providing high variability and re-usability with shared advantages in economics, scope, and scale.[7] TDS’ platform is situated to function as a complementary asset to producers of cybersecurity products and solutions, and as an entry-point and facilitator for consumers regardless of technical ability or lack of previous experience with cyber risk protection technologies.
[7] “Towards a Boundary Resources Theory of Software Platforms.” – Ahmad Ghazawneh, Jönköping International Business School, Jönköping University, October 2012.
Industry - Academic Partnership
TDS is seeking an industry and academic partnership for:
- Platform software engineering and development.
- Market research - new participants in cybersecurity.
- Consumers - quantify risk in vertical markets
- Producers - quantify solutions and product horizons
- Development of data repositories and Qualitative Data Analysis systems.
- Governance and facilitation modeling, policy management.
- Core platform software development and engineering – participant filters, data set matrices and forms, participant input and feedback data sets, manual curation models, and development of automated curation algorithms.
- Human factor labs.
- User experience feedback mechanisms, input measurement, and optimization of facilitation process design.
- Cybersecurity education initiatives directed at meeting the nation’s growing demand for professional industry practitioners as stated in the NIST’s “Report on Security and Growing the Digital Economy” Action Item 4.1.1:
“The next President should initiate a national cybersecurity workforce program to train 100,000 new cybersecurity practitioners by 2020."
[7] “Report on Securing and Growing the Digital Economy” - The Executive Summary for the NIST's Commission on Enhancing National Cybersecurity, Dec.1 2016.
Considering the risk environment and concerns from both public and private sectors, TDS holds great opportunity to grow aggressively and develop its platform business to lead great change across the cybersecurity industry. Extending platform functionality, nurturing consumer and producer communities, and securing the proprietary platform through the establishment of standards and protocols provide stakeholders in cyber risk great potential value.
Brad Deflin
March 2017
References:
[1] “Matchmakers: The New Economics of Multisided Platforms” – David S. Evans and Richard Schmalensee, Harvard Business School, May 2016.
[1] “Towards a Boundary Resources Theory of Software Platforms.” – Ahmad Ghazawneh, Jönköping International Business School, Jönköping University, October 2012.
[1] “The Need for a Digital Geneva Convention.” Microsoft CLO Brad Smith, Feb, 14th, 2017
[1] “Information Superiority and the Changes to HIPAA” - Mortenson, Serwin, Stow – The Lares Institute. Feb. 2013.
[1] “Worldwide Threat Assessment of the US Intelligence Community” – James R. Clapper, Director of National Intelligence. Feb.26 2015.
[1] “Report on Securing and Growing the Digital Economy” – from the Executive Summary for the National Institute of Standards and Technology (NIST) Commission on Enhancing National Cybersecurity, Feb12th, 2015.
[1] “Cybersecurity Global Yearly Finding” - CB Insights , 2016.
[1] “Security Platforms to Disrupt Industry” - Computer Weekly, Security Platforms to Disrupt Industry Predicts Palo Alto Networks Feb. 16, 2017.
[1] “The Impact of Openness on the Market Potential of Multisided Platforms” - Ondrus, Gannamaneni, and Lyytinen, Researchgate.com, July 26 2015.
[1] “The Architecture of Platforms: A Unified View” – Baldwin and Woodard, Harvard Business School, 2008.
[1] “The Antitrust Analysis of Multi-Sided Platform Businesses” – by Evans and Schmalensee, University of Chicago Law School, Coase-Sandor Institute for Law and Economics, 2012.
[1] https://www.totaldigitalsecurity.com/blog
[1] https://www.totaldigitalsecurity.com/calendar
[1] Symantec Internet Security Threat Report 2016
[1] “Security Awareness Training Report” – Cybersecurity Ventures, Feb.6 2017.
[1] “Ransomware for Dummies: Anyone Can Do It” Krebs on Security Mar. 1, 2017
[1] FTC Report on Internet of Things – Privacy & Security in a Connected World, January 2015
[1] Report on Security and Growing the Digital Economy - National Institute of Standards and Technology’s Commission on Enhancing National Cybersecurity, Report on Security and Growing the Digital Economy, December 1, 2016
[1] CB Insights Cybersecurity Trends, February 2017
[1] “Of Hellabytes and Recombinant Innovation: The Second Machine Age.” – By Andrew McAfee, principal research scientist at the MIT Center for Digital Business and cofounder of MIT's Initiative on the Digital Economy, Feb.12th, 2014.
[1] “The Antitrust Analysis of Multi-Sided Platform Businesses” – by Evans and Schmalensee, University of Chicago Law School, Coase-Sandor Institute for Law and Economics, 2012.
[1] “Report on Securing and Growing the Digital Economy” - The Executive Summary for the National Institute of Standards and Technology’s Commission on Enhancing National Cybersecurity, Dec.1 2016.
[1] “Economics of Vertical Restraints for Multi-Sided Platforms.” - David S. Evans, Chairman Global Economics Group University of Chicago Law School, January 2nd 2013.
