The world's top 10 largest cybersecurity | security consulting firms

04 September 2017 5 min. read

The Big Four – Deloitte, EY, PwC and KPMG – are the globe’s largest security consulting firms, according to new data. British-headquartered defence conglomerate BAE Systems also made the top ten meanwhile, on the back of 14% growth in security consultancy over the last year.

Cybercrime has continued to be a key area of concern for people, businesses and governments across the globe. Large scale attacks, such as the recent WannaCry ransom attack, which compromised patient data in the UK’s NHS, while costing companies billions in lost business and creating additional long-term negative effects on share price. Total costs from cyberattacks last year hit an estimated $400 billion, while for businesses globally the figure came in at an estimated $280 billion.

Due to the hot-topic of cyber-attacks coming to prominence over the past year, security consulting has become a major segment in the professional services sector. With a growing number of businesses now placing cybersecurity in their firm as a higher ranking priority, consulting firms are experiencing a boost, as clients seek external advise on how to best insulate their companies from the next WannaCry.

The 10 largest security consulting firms of the globe

There are thousands of management consulting and IT consulting firms which offer security consultancy services, however analysis of data gathered by Gartner reveals that the consulting industry’s Big Four have become the dominant forces in the security advisory sector. The following ranking regards about security consulting firms only, it is important to note it does not include managed security services revenues or associated capabilities.

Topping the list, Deloitte records the greatest annual revenue for security consulting by some way. Bringing in over $2.8 billion a year, the firm has seen an increase of 14% from 2015 levels, while continuing to invest in security and cybersecurity solutions with alliances and partnerships. EY follows with a revenue of $2.03 billion, which is also an increase of 8.2% on last year – however thanks to Deloitte’s rapid growth it remains a distant second, despite acquisitions such as its purchase of Open Windows Identity. The cybersecurity firm’s capture was targeted at growing EY’s global security presence, with the acquired company firm becoming the firm’s new APAC region Identity Management Centre of Excellence.

PwC, who launched a cybercentre to help clients battle digital attacks late in 2016 meanwhile ranked third, with revenues of over $1.9 billion, while final Big Four member KPMG, who in a 2017 report encouraged businesses to increase investment in security, ranked slightly behind with $1.6 billion – both firms seeing a 17.8% increase on last year’s figures. Like PwC, IBM launched a cybersecurity module in partnership with the WMG Cybersecurity Centre earlier in 2017. Reflecting a troubled period elsewhere, despite a booming security market Big Blue has seen security consulting revenues almost stagnate at $731 million, a narrow increase of just 0.6%.

Other top cybersecurity consultancies

Outside the top five, after a year of rapid spending toward a $1.8 billion global target, the aggressive expansion of Accenture has helped see security consulting revenues at the firm rise by 6.2% to hit $601 million. Following in seventh place, Booz Allen Hamilton, which partnered with Splunk in Summer of 2017 to unveil a new cyber threat intelligence service to clients of the firm, saw a slimmer raise of 2.1%, to $482 million in revenue.

HP Enterprise ranked eighth. Despite invested in IT consulting services to create consulting spin-off CSC last year, the group saw security consulting revenues fall 3% to $388 million in Gartner’s latest figures. Specialists Optiv Security ranked ninth, as the only firm to explicitly focus on security solutions within a top ten dominated by more diverse firms. Optiv saw revenues jump an impressive 15.5% to $373 million over the past year, following its acquisition by private equity firm KKR in late 2016.

Rounding off the top ten meanwhile, British multinational defence, security, and aerospace company BAE Systems saw revenue in security consulting hit 14.2% to $290 million. The group, headquartered in London, appears to be successfully diversifying into the sector to add to its more traditional portfolio, which includes a number of state and private sector solutions contracts.