'Too many people are sitting on their backsides being comfortable - there are big changes happening' - Ian Kilpatrick
Cybersecurity veteran Ian Kilpatrick spoke to CPI ahead of him taking on a new role as strategic advisor for VAD powerhouse Nuvias. He shared his view on what two key trends those in the cybersecurity market should be aware of this year
The change in cybersecurity procurement and the impending "shockwave" of GDPR fines are two development that will have a significant influence on the cybersecurity market, according to Nuvias' former EVP cybersecurity Ian Kilpatrick.
It comes as Kilpatrick is taking on a more consultative role as Strategic Advisor cybersecurity for the pan-EMEA VAD.
"It's the growth of Nuvias that has precipitated this change," he said.
"We're growing at a fast pace. I need to be given a role that gives me more time to do consulting around the skills I've picked up over my history."
That history includes almost 40 years of experience in the cybersecurity market, as chairman of Wick Hill - one of the UK and Germany's best-known specialist security VAD - before its 2016 acquisition by Nuvias, when he took on the position of EVP cybersecurity.
"The truth is, I've been shockingly lucky. I've grown across different market sectors to £100m plus [with Wick Hill], and now with Nuvias, it's way, way bigger than that…And along the way I've had the pleasure of working with extraordinary people."
I asked him what his tips are for maintaining longevity in such a saturated market.
"You need to have shockingly high focus to be successful", he said.
"And to really understand the way that the market is moving."
GDPR - it's only a matter of time
"Look at GDPR. It's going to rear its head," he added.
"The fact is, many people are sitting on their backsides being comfortable and complacent… At several points in the next 12 months, there will be more breaches; that's guaranteed."
My interview with Kilpatrick was just five days before the first case of the EU's new GDPR privacy legislation being used to hit Google with a mammoth $56.8m (€49.9m) fine for not prominently displaying required data or obtaining adequate consent for ad targeting.
As Google has challenged the fine, it's not clear how much money, if any, the vendor giant will lose.
However, as far as Kilpatrick is concerned, if the EU is able to censure firm's with the maximum fine GDPR legislation allows for, the consequences could be "business takeover threatening".
"If you look at the standard measure, most organisations are making an EBIT of around four to six per cent, as a generalisation. So, if you get fined four per cent, that's your profits gone…
"This will be a shockwave that will go through the industry.
Boards get technical
If GDPR is a danger that is looming in the short term, a development in the industry that is altering how organisations buy solutions right now is the changing dynamic of decision makers.
"There's a lot of things that are moving negatively, but the biggest single thing that is moving positively in cybersecurity is the recognition by more boards that cybersecurity is a crucial business risk that they need to be aware of… and that is changing the deployment of cybersecurity.
"Boards are less willing to just listen to technical responses to questions; they actually want to know why and how they're secure. It's a really big change," he said.
"This has only happened in the last three to five years, so some of the benefits of that are only just starting to drift in now."
Worldwide spending on information security products and services are forecast to soar past $124bn in 2019 according to Gartner; an increase of 8.7 per cent from last year.
So what trends should channel players be aware of in order to maximise their slice of the revenues?
Multi-cloud vulnerabilities
For Kilpatrick the key challenge forging the cybersecurity market right now is the accelerating embrace of hybrid cloud.
"Just look at access and identity management. For most people, this is a mess," he said.
"I like to ask lots of people this question: if you've moved up through an organisation, and gone through multiple departments, in multiple locations, do you still have access to some of the applications you were given rights to three or four years ago?
"And if the answer is yes, then what happens when you leave the business? To make this worse, these orphan rights can sometimes exist in shadow IT that their departments set up and the main business isn't even aware of."
He added: "What most people tend to do when there's a lot of noise, is they turn down the filter.
"What you need to do is have solutions that will help you deal with information overload.
"So, I see that there's a definite shift towards solutions that can provide better reporting as to people's threat preparedness, in a way that is understandable at a management level."
More news
In the IT channel, what's partner loyalty made of?
Some say performance, others say money but it may be systems and processes that carry the day
Alibaba's cloud business jumps by two thirds
Private and hybrid offering up by 250 per cent
Avaya's share price rockets amid Mitel reverse merger rumours
Bid from Mitel comes after months of talks, according to Bloomberg
HPE to hand over $666m to DXC Technology over accounting dispute
Damages relate to spin out of DXC and CSC from HPE Enterprise Services in 2017
