There were over 400 M&A Cybersecurity deals in 2023. We're out of the growth phase of the industry lifecycle and into the maturation phase. This is a good thing right? Possibly..
Research has shown that when an industry enters the maturity phase and consolidation begins, innovation decreases. In 2021, Dr. Diana Moss testified before Congress on how "...innovation is diminished by harmful consolidation"
In 2017, Tommaso Valletti, the former European Commission’s Chief Competition Economist said consumers are “always worse off after a merger..."
But why is it so important?
We are not defending against cybercrime. We are in a race for innovation.
Think about game cheat developers as an example. These developers work extremely hard to bypass cheat protections and have been responsible for some common attacks used by threat actors such as DLL sideloading. This work is happening every day with these developers and threat actors alike.
The Solarwinds attack. The recent xz supply chain attack. The use of AI in offensive tooling.These are all innovative approaches.
We must foster innovation at all costs.So what can we do to stem the tide of what traditionally happens in every industry? How can we see the benefits of our industry maturing while protecting innovation?
Infosec was born in basements, coffee shops, clubs, and meetups where people were finding new ways to build and break things.
And while it's turned into nation-states and corporate strategy it's still all based on innovation.
