McAfee, RSA Security, and Symantec have been at the center of the enterprise cybersecurity technology landscape for decades. These industry bedrocks have become synonymous with security, having pioneered and refined many of the capabilities that remain fundamental to successful enterprise cyberdefense.
But their halcyon days have faded. After struggling to adapt to change and overcome adversity for more than a decade, all three companies are now charting new paths, signaling the start of the cybersecurity industry's next era.
McAfee, acquired by Intel in 2010 for nearly $7.7bn and spun out again seven years later, has been making a comeback by emphasizing cloud-based security. But mixed results from costly acquisitions and impatient private equity owners resulted in popular CEO Chris Young's recent resignation. Young's replacement specializes in preparing struggling companies for sale, making McAfee's future uncertain at best.
RSA Security was founded by the industry's pioneers in data encryption, and its SecurID technology dominated the two-factor authentication market for years. But strategic missteps and a questionable relationship with the NSA hurt its standing in the market. RSA never found its fit following its 2006 acquisition by EMC, and its subsequent acquisition by Dell a decade later proved no better. Just this month, Dell announced it would finally sell RSA to a group led by a private equity firm. It's unclear what lies ahead for RSA, but the company may be worth more if broken up and sold for its parts.
Symantec, after more than a decade of acquisitions, divestitures, and reinventions, finally seemed to be turning things around in 2018, but brash CEO Greg Clark and his management team found themselves in a series of scandals. In May last year, Clark stepped down, Symantec had its sixth CEO in 10 years, and key shareholders decided enough was enough: its enterprise division was soon sold to Broadcom. The consumer division lives on as NortonLifeLock, but Symantec the company is no more.
All three vendors lost their way because they failed to evolve with the market, craving steady profits and fearing disruption. But business success in cybersecurity requires taking risks today in order to prevent risks tomorrow; not only risks posed by creative and diligent cyberattackers, but also those presented by agile competitors, including hundreds of aggressive startups with little to lose except someone else's money.
The vendors emerging to lead cybersecurity in next decade and beyond must embrace disruption, fostering the processes and culture necessary to consistently bring innovation to the marketplace, even if the result is destabilization of their own lucrative market segments.
After all, if they don't disrupt themselves, someone else will. Just ask McAfee, RSA, or Symantec.
Straight Talk is a weekly briefing from the desk of the Chief Research Officer. To receive this newsletter by email, please contact us.