Capital inflows into the cybersecurity sector have increased substantially in recent years and the global cybersecurity sector is estimated to be a $2 trillion market opportunity, according to research by McKinsey. The data highlights that the value of cybersecurity isn’t found only in its ability to safeguard against financial losses – it’s a critical economic sector in its own right, driving innovation, entrepreneurship, and growth.

S&P Global recorded a 91% YoY increase in venture capital and private equity investments in the cybersecurity sector in Q1 2024 – totaling $8.51 billion. This surge is predominantly fueled by innovations in AI, quantum computing, and industrial security, with AI-driven startups shaping the sector to support a new landscape defined by security, efficiency, and innovation. Yet, despite these advancements, the number and sophistication of cyberattacks continue to rise, suggesting that capital alone will not be enough to maximize the cybersecurity sector’s potential.

One key barrier to realizing cybersecurity’s potential is cyber inequity – the growing disparity between small and medium-sized enterprises (SMEs) and larger companies in being able to prevent, withstand, and recover from cybersecurity incidents. According to the World Economic Forum, organizations that can maintain a minimum level of cyber resilience decreased by 30% in 2024. SMEs, despite representing 90% of global businesses and employing more than half of the global workforce (World Bank), are the most vulnerable.

A recent study of 2,100 SMEs across nine countries indicates that the cyber inequity problem is twofold: SMEs not only face economic constraints in cybersecurity spending, but also lack an understanding of the necessary measures and protections. Out of the companies surveyed, 52% said they needed more support through education and training. For economies that rely heavily on small businesses, the cybersecurity sector won’t be able to flourish until the wider ecosystem can address these distinct challenges.

As 48% of SMEs from the study had experienced a cyber incident within the past year, the need for dedicated solutions is evident. By preparing employees and systems for these incidents, businesses can minimize their occurrence, or at least reduce the time and effort it takes to recover from them. But in the absence of dedicated initiatives and programs, the cybersecurity sector’s ability to meet and capitalize on the needs of SMEs will remain uncertain.

Some countries have developed strategies to address this issue. In Belgium, where SMEs account for 99.8% of all businesses, the “Ma PME Cybersécurisée" (My Cybersecure SME) initiative was launched in in 2023. The initiative has brought together 10 large organizations and companies to offer free cybersecurity training for SMEs. Through this program, smaller businesses learn cybersecurity best practices and what actions to take after a cyberattack. The initiative’s ‘QuickScan’ platform also allows SMEs to test their cybersecurity knowledge and receive tailored advice on what measures and products are available to them.

Another vital challenge for the growth of the cybersecurity sector is the current talent shortage. With a global need of 4 million new cybersecurity professionals and women representing only 25% of positions, targeted investments in cybersecurity education and training – particularly amongst women and girls – will be crucial to the sector’s long-term growth and effectiveness.

The cybersecurity sector is a beacon of opportunities, with vast economic potential. However, truly maximizing this potential requires more than just continued capital investment. For the sector to be able to address the complex security challenges expected in the years ahead, a holistic approach to cyber ecosystems development is needed.

Join the conversation at the GCF Annual Meeting 2024 on developing strong markets and building resilient cyber ecosystems under the subtheme "Thriving Cyber Economy".

Share your thoughts below on how to maximize the cybersecurity sector’s potential.