Cybersecurity in Healthcare, 2018-2030
- January 2018 •
- 547 pages •
- Report ID: 5368811 •
- Format: PDF
The digital revolution has transformed the way businesses operate across the globe. However, digitally stored information is prone to hacking and manipulation by cyber criminals. The concern is validated by the fact that more than 5.1 million records are compromised due to data breaches every day. In 2016, close to 1,800 incidents of data breaches were reported across all the industries; in total, almost 1.4 billion data records were lost or stolen. The year 2017 also witnessed several cyberattacks; notable examples include WannaCry and NotPetya ransomware attacks, Equifax data breach, MongoDB databases leak, Elasticsearch server hack, Cloudbleed security bug, Zomato hack, HBO hack / Game of Thrones leaks, Uber data breach, and Ethereum hack.
The healthcare industry has been amongst the prime targets for hackers over the last several years. The Ponemon Institute’s Fifth Annual Study reported that cyberattacks in healthcare have increased by a factor of 125% since 2010. In the first half of 2017, the healthcare industry had been compromised a number of times, having experienced a total of 228 data breaches, representing 25% of the total number of breaches worldwide. Across these instances, around 31 million records were compromised, stolen or lost, representing an increase of 423% as compared to the first six months of 2016.
In addition, according to a report published in May 2016, it is estimated that, with each electronic health record (EHR) costing around USD 355 in the black market, healthcare data breaches have resulted in losses worth USD 6.2 billion per year to the US healthcare industry. Examples of organizations that have recently been the victims of cyberattacks / security incidents include (in alphabetical order) Abbott / St. Jude Medical, Anthem BlueCross BlueShield, Bayer, Bupa Global Health Insurance, Bronx Lebanon Hospital Center, HealthNow Networks, Johnson & Johnson, Med Center Health, Merck, National Health System (NHS), Pacific Alliance Medical Center, Patient Home Monitoring, and Smiths Medical.
In order to overcome these challenges, various cybersecurity solution providers have started to specifically focus on healthcare. Along with the presence of big companies, the entry of several start-ups is driving the innovation in this domain. Contrary to the expectation, capital spending on cybersecurity in the healthcare industry is far less compared to some other industries. In addition, the scarcity of skilled cybersecurity professionals capable of catering to the complex regulatory demands in the healthcare industry is making it even more difficult for the successful implementation of cybersecurity policies across this field.
SCOPE OF THE REPORT
The ‘Cybersecurity in Healthcare Market, 2018-2030’ report features an extensive study of the current landscape and future outlook of the growing market of cybersecurity within the healthcare industry. The focus of this study is on the cybersecurity products / solutions and services that are currently available for protecting internet connected devices against cybercriminals, and the likely evolution of novel technologies / platforms in the mid to long term. Backed by funding from several venture capital firms and strategic investors, this evolving market has its hopes pinned on the efforts of multiple start-ups.
Amongst other elements, the report features:
• A detailed assessment of the current market landscape of cybersecurity within the healthcare domain, providing information on cybersecurity core products / solutions, threat intelligence solutions, information on different threat types, security elements and modes of deployment.
• Detailed profiles of some of the emerging players in the industry, highlighting the current focus of the companies, capital raised, and details on their specific cybersecurity products / solutions and services. The profiles also have a section on recent developments, highlighting the achievements, partnerships / collaborations, and the likely strategies that may be adopted by these players to fuel growth in the foreseen future.
• A comprehensive benchmark analysis, highlighting key focus areas of mid to large sized companies, thereby, providing a means to compare the existing capabilities within respective peer groups and help industry stakeholders identify ways to achieve a competitive edge over contemporary players. In addition, we have provided detailed profiles of some of the established players within each peer group.
• An analysis of investments made at various stages of product development; these include seed financing, venture capital financing, debt financing and grants / awards received by the companies that are focused in this area.
• An elaborate valuation analysis of companies that are involved in providing cybersecurity products / solutions / services to the healthcare industry; for the purpose of this analysis, we focused on companies that have been established over the last 5-6 years.
• An overview of how artificial intelligence (AI), machine learning and deep learning techniques can augment cybersecurity, once integrated. In addition, we have outlined a detailed assessment of the current market landscape of AI-based cybersecurity, and provided high-level insights on the market competitiveness within this domain.
• A case study on cybersecurity use cases within the healthcare industry, highlighting some of the notable healthcare data breaches and security incidents that have happened in 2017. In addition, we have briefly outlined some of the recently reported medical device hacks / security vulnerabilities that led to the recalling of these devices.
One of the key objectives of the report was to understand the primary growth drivers and estimate the future size of the market. Based on various parameters, such as number of healthcare data breaches, number of records compromised, expected pricing of the stolen medical records and spending trends on cybersecurity in the healthcare industry, we have provided an informed estimate on the likely evolution of the market in the long term, for the period 2018-2030. To account for the uncertainties associated with the number of data breaches, and to add robustness to our model, we have provided three forecast scenarios, portraying the conservative, base and optimistic tracks of the market’s evolution.
The opinions and insights presented in the report were also influenced by discussions held with senior stakeholders in the industry. These include Garrett Silver (CEO, Critical Informatics), John Gomez (CEO, Sensato), Matan Kubovsky (VP, R&D, illusive networks), Mike Kijewski (CEO, MedCrypt), Mike Meikle (CEO, secureHIM), Robert Dobson (Director, Device Authority) and Rosa Lenders (Marketing Executive, Device Authority), Rod Schultz (CPO, Rubicon Labs) and Julia Cline (Senior Director, Product and Marketing, Rubicon Labs), Saïd Kenj (Account Executive, Cyberlytic) and Rebecca Bourke (Marketing Manager, Cyberlytic), Steve Leatherman (IT Consultant, BlackRidge Technology), and Yoni Shohet (CEO, SCADAfence). All actual figures have been sourced and analyzed from publicly available information forums and primary research discussions. Financial figures mentioned in this report are in USD, unless otherwise specified.
The data presented in this report has been gathered via secondary and primary research. For all our projects, we conduct interviews with experts in the area (academia, industry, medical practice and other associations) to solicit their opinions on emerging trends in the market. This is primarily useful for us to draw out our own opinion on how the market will evolve across different regions and technology segments. Where possible, the available data has been checked for accuracy from multiple sources of information.
The secondary sources of information include
• Annual reports
• Investor presentations
• SEC filings
• Industry databases
• News releases from company websites
• Government policy documents
• Industry analysts’ views
While the focus has been on forecasting the market till 2030, the report also provides our independent view on various non-commercial trends emerging in the industry. This opinion is solely based on our knowledge, research and understanding of the relevant market gathered from various secondary and primary sources of information.
Chapter 2 is an executive summary of the insights captured in our research. The summary offers a high-level view on the likely evolution of the cybersecurity market within the healthcare industry in the long term.
Chapter 3 is an introductory chapter that presents an overview of the digital revolution, emergence of IoT, cloud computing, and the digitization of business communication across a number of industries, with information on the associated risks and vulnerabilities. It outlines some of the prevalent cyber threats and security vulnerabilities, thereby, highlighting the importance of cybersecurity. It also provides an overview of the key cybersecurity solutions that are being used in the industry. In addition, the chapter provides information on some of the notable cyberattacks and data breaches that have taken place across different industries in the past few years.
Chapter 4 provides information on the digitization of the healthcare industry, and outlines key reasons why organizations in this domain have been a prime target for cyber criminals in the past few years. Further, the chapter stresses on the importance of cybersecurity in the healthcare industry, giving an overview of the HIPAA framework, and highlights several security vulnerabilities that exist within the industry. It also provides details on some of the largest healthcare data breaches in history. In addition, it presents a summary of the best practices that must be considered while implementing security measures within the healthcare industry.
Chapter 5 includes information on around 400 key stakeholders that are exploring the potential applications of their cybersecurity products / solutions and services within the healthcare industry. We have classified the database based on the type of offering, including cybersecurity core products / solutions, threat intelligence solutions and cybersecurity services. In addition, the chapter provides information on companies’ geographical location, size of employee base, type of threats that a company is capable of dealing with, type of security elements, and mode of deployment. Furthermore, we have identified various prevalent and upcoming trends in the industry that are likely to govern the future of cybersecurity within the healthcare industry.
Chapter 6 features detailed profiles of some of the emerging stakeholders that are primarily offering cybersecurity core products / solutions for the healthcare industry. Each profile includes an overview of the company, financial information, details on their cybersecurity products / solutions, and recent developments with respect to the cybersecurity domain.
Chapter 7 includes detailed profiles of some of the emerging stakeholders that are primarily offering threat intelligence solutions for the healthcare industry. Each profile includes an overview of the company, information on financial performance, details on their specific cybersecurity products / solutions, and recent developments with respect to the cybersecurity domain.
Chapter 8 provides detailed profiles of some of the emerging stakeholders that are primarily offering cybersecurity services (managed / professional) for the healthcare industry. Each profile includes an overview of the company, information on financial performance, details on their specific cybersecurity products / solutions, and recent developments with respect to the cybersecurity domain.
Chapter 9 presents a benchmark analysis, taking into consideration the established players that are engaged in this domain. It highlights the capabilities of these companies in terms of their expertise across cybersecurity products / solutions and services for the healthcare industry. The analysis allows companies to compare their existing capabilities within and beyond their peer groups, and identify opportunities to become more competitive in the industry. In addition, we have provided detailed profiles of some of the established stakeholders within different peer groups. Each of these profiles feature an overview of the company, information on financial performance, details on their specific cybersecurity products / solutions, and recent developments with respect to the cybersecurity domain.
Chapter 10 provides information on the funding instances and investments that have been made in this industry. The chapter includes details on various investments (seed financing, venture funding, debt financing and grants) received by companies between 2012 and late 2017, highlighting the growing interest of the venture capital community and other strategic investors.
Chapter 11 features a comprehensive valuation analysis of the companies that are offering cybersecurity products / solutions and services for the healthcare industry. The chapter provides insights based on a multi-variable dependent valuation model. The model is based on the year of establishment of the companies, employed workforce, funding received and depth of product / service portfolio.
Chapter 12 presents a comprehensive market forecast, highlighting the future potential of the market till 2030. The forecast, which provides estimates on the market opportunity across the three major types of offering (cybersecurity core products / solutions, threat intelligence solutions and cybersecurity services), is backed by robust secondary research, as wells as inputs from senior stakeholders in the industry. The analysis also highlights the relative growth opportunity across different geographical regions (North America, Europe, Asia-Pacific and Rest of the World), type of threats (insider theft, intrusion, 3rd party / sub-contractor negligence, employee negligence, physical theft and others), type of cybersecurity services (managed and professional), type of security elements (application security, cloud security, endpoint security and network security), and mode of deployment (cloud and on-premise). To account for the uncertainties associated with the adoption of these technologies, we have provided optimistic and conservative forecast scenarios, in addition to the base forecast scenario.
Chapter 13 presents an overview of AI, machine learning and deep learning techniques, and the likely benefits of integration of these technologies into cybersecurity tools / systems. The chapter highlights how AI / machine learning techniques can bolster cybersecurity capabilities for combating the ever-increasing threat landscape. In addition, we have outlined a detailed assessment of the current market landscape of AI-based cybersecurity, and provided high-level insights on the market competitiveness within this domain.
Chapter 14 presents a case study on cybersecurity use cases within the healthcare industry. The chapter highlights some of the notable healthcare data breaches and security incidents that took place in 2017. In addition, we have briefly discussed some of the recently reported medical device hacks / security vulnerabilities, in order to highlight the potential damages these incidents can cause. We have also summarized some of the initiatives / measures adopted by healthcare / pharmaceutical organizations to tackle cyberattacks.
Chapter 15 summarizes the overall report. In this chapter, we have provided a list of key takeaways from the report, and expressed our independent opinion related to the research and analysis described in the previous chapters.
Chapter 16 is a collection of executive insights from various key stakeholders in this market. The chapter provides brief overview of the companies and interview transcripts of the discussions that were held with stakeholders associated with these companies. The chapter provides details of interviews held with Garrett Silver (CEO, Critical Informatics), John Gomez (CEO, Sensato), Matan Kubovsky (VP, R&D, illusive networks), Mike Kijewski (CEO, MedCrypt), Mike Meikle (CEO, secureHIM), Robert Dobson (Director, Device Authority) and Rosa Lenders (Marketing Executive, Device Authority), Rod Schultz (CPO, Rubicon Labs) and Julia Cline (Senior Director, Product and Marketing, Rubicon Labs), Saïd Kenj (Account Executive, Cyberlytic) and Rebecca Bourke (Marketing Manager, Cyberlytic), Steve Leatherman (IT Consultant, BlackRidge Technology), and Yoni Shohet (CEO, SCADAfence).
Chapter 17 is an appendix, which provides tabulated data and numbers for all the figures provided in the report.
Chapter 18 is an appendix, which provides the list of companies and organizations mentioned in the report.
1. Close to 400 stakeholders currently offer a variety of products / solutions / services to healthcare organizations. Of these, over 80% companies provide core products / solutions (such as identity access management and intrusion prevention) to enhance information security. In addition, about 56% of the companies provide threat intelligence solutions to organizations in the healthcare organizations including hospitals, pharmaceutical / biotechnology companies and medical device manufacturers.
2. At present, the market is highly fragmented and is a mix of large enterprises, mid-size companies and start-ups. Majority of the large-sized companies (total 72) have three types of offerings (core products / solutions, threat intelligence solutions and services). In fact, for some of the companies in this category, cybersecurity is one of the many focus areas. Examples include (in alphabetical order, no selection criteria) AECOM, Cisco, Fortinet, IBM, Juniper Networks, Level 3, McAfee, Microsoft, NETSCOUT, Secure Works, SonicWall, Symantec and VMware.
3. Similarly, there are close to 100 mid-sized companies that are providing cybersecurity solutions / services to players in the healthcare domain. Examples include (in alphabetical order, no selection criteria) Absolute Software, Arbor Networks, Auth0, BeyondTrust, Black Duck Software, CipherCloud, Cybereason, Infoblox, Malwarebytes, Netskope, ThreatMetrix, LogRhythm, SentinelOne, Skyhigh Networks and Zerto.
4. In addition, several start-ups (close to 200) are offering innovative solutions / products / services. Venture capitalists have strongly supported innovation in this domain; around USD 2.5 billion has been invested in this industry since 2012 across around 180 instances of funding. Some of the companies that have raised capital multiple times since 2012 include (in alphabetical order, no selection criteria) Auth0, Cybereason, Cylance, Darktrac, Fortscale, ProtectWise, Rubicon Labs, SentinelOne, Skyhigh Networks, SnoopWall, Sqrrl and Synack.
5. Our proprietary valuation analysis reveals that, of the 64 start-ups that were evaluated, 20 companies are estimated to have a valuation between USD 100 million and USD 1,000 million. Examples of such companies include (in alphabetical order, no selection criteria) Anomali, Area 1 Security, Bitglass, Exabeam, Silent Circle, Sqrrl, Synack, Tempered Networks, Threat Stack, UpGuard and ZeroFOX. Specifically, there are two companies that are estimated to have a billion-dollar valuation.
6. Given the increasing number of cyberattacks in the healthcare industry, and the fact that the volume of digital data / records will steadily increase in the future, we estimate the overall cybersecurity market specific to the healthcare industry to grow at an annualized rate of about 14%. Since a significant proportion of electronic / digital data is located in the US, we believe that this region currently accounts for over 60% of the market’s share; this is followed by Europe with over 20% share. Over time, due to the adoption of digital solutions in highly populated countries, such as India and China, the market in Asia-Pacific is expected grow at a relatively higher rate.
7. Intrusion (hacking / ransomware) attacks, accounting for over 50% of the market, are the primary concern in the healthcare industry. In fact, the share of these breaches is estimated to grow to about 70% by 2030.
8. In terms of type of security, products / solutions for application security and network security are the most popular; these occupy about 50% of the current market. Due to the increasing prevalence of cloud based solutions, the market for cloud security is likely to register a relatively higher growth and occupy around 25% of the overall share by 2030.