What we know and what we don’t: A review of patents for cybersecurity
- Large IT/computing companies are the leading forces in the cybersecurity IP market with mature portfolios, but new entrants are growing quickly and are acquisitive.
- Transactions in the space are mainly driven by IT/computing companies divesting assets to new entrants, which are trying to level the playing field
- Geographical coverage of patents are focused mainly in the US
- Cybersecurity is highly litigious, with both NPEs and operating companies enforcing their patents.
Cyber crime is on the rise. In 2015, reported security incidents by companies stacked up to 29,475 and led to 277 cases of confirmed data loss states a Financial Times article from March 28th. Another statistic, shows increasing global IT security breaches leading up to 42.8 million incidents in 2014. The numbers speak a clear language: cybersecurity is becoming increasingly important equally for individuals and corporations.
This has created strong incentives to enter the market for many types of companies. There are four basic types of companies playing in the cybersecurity field:
- IT/Computing companies (eg, IBM, Intel and EMC Corporation) which have augmented their other products with a range of cybersecurity offerings;
- Security companies which operate generally throughout the field of computer security (eg, Symantec and Japanese player Trend Micro);
- 'Pure play' companies (eg, Fortinet and Riverbed) which focus primarily on cybersecurity; and
- Defense companies wanting to apply their defence know-how to the cybersecurity market (e.g. BAE and Raytheon)
Figure 1 shows the vast difference in size and growth of this space. The major computer companies hold thousands of relevant patents but, while they also continue to grow, their rate of growth in relative terms is not as dramatic as that of new entrants such as Qihoo and Fireye, which have grown by hundreds of percent since 2013. However, it also shows that IBM’s portfolio of granted patents is tens or hundred times larger than many players and nearly twice the size of the combined substantial holdings of Intel and EMC. Knowing their successful licensing operations, they should be, perhaps unsurprisingly, a real IP powerhouse in this space. As seen further down in Table 1, they have also been active in selling patents to emerging players. In fact, most of the Security companies and also the emerging “Pure play” companies have acquired patents, many of them from major players and over a number of years.
Table 1 paints a very US centric picture, but how does cybersecurity pan out in terms of global spread?
Figure 2 indeed shows a strong territorial focus on the US, with outliers Qihoo is patenting extensively in their home market China and the Moscow-based core of Kaspersky (which does operate in nearly 200 countries) filing some patents in Russia. One anomaly is that Trend Micro, compared to many other Japanese companies, focuses primarily on the US market.Figure 3 looks at the litigation intensity in the space, where we see more evidence of just how active an IP area this is, with a large number of competitors suing each other (eg, Fortinet and Trend Micro). There is also, as with most high-tech areas, a substantial number of NPE suits (75% of total).The large volume of patents owned by the IT and computing giants and a large number of new entrants growing rapidly, combined with the high occurrence of litigation and transactions paints a picture of turmoil in the industry. Likely resulting in a market where a strong IP position, be it homegrown, acquired or licensed, and a wide range of sophisticated products are needed to succeed. Time will tell if reality will live up to the prediction.