CISO’s must carefully assess Accenture’s cyber spending spree

With cybersecurity pegged to sit high on C-Level agendas over the next 24 months, providers are working hard to buy in the capability they need to deliver against new market demand. The trick for enterprise leaders, then, is to carefully scrutinize the latest wave of investments from major IT services giants like Accenture to make sure their partner has the greatest chance of securing their business.

Accenture, a firm that isn’t shy about splurging on acquisitions, has spent the first part of 2020 bulking out its overall cybersecurity capabilities with a series of significant bang acquisitions. That’s after a focused five-year investment roadmap that’s seen the firm supplement delivery capability with over 10 additions—supplementing specific verticals, such as with the 2017 acquisition of Endgame Federal Services, and adding cyber threat hunting services for government and commercial clients. It also added solution-focused services, such as the 2019 purchase of Déjà vu Security, which offers a full range of services boosting the cyber resilience of digital platforms.

It’s only halfway through 2020, and Accenture has bolstered its arsenal with three significant cyber acquisitions  

Accenture’s overarching go-to-market strategy in the cybersecurity space is to offer clients a one-stop-shop portfolio to rival the disparate and pointed solutions provided by its competitors. In the cybersecurity space, enterprise leaders want a blend of outcome, capability, assurance, compliance, resilience, and, in an intensely complex and dynamic market, a degree of simplicity. Locating a partner with the full range of managed services, products, and capability is now higher on the agenda than ever before.

To an extent, Accenture’s strategy makes a lot of sense. Enterprise leaders may approach some of their competitors for a specific service, such as pulling in the Big Four for strategy or the IT services heavies and systems integrators (Sis) for technical delivery, but there are relatively few players offering the full suite of services. Unlike the broader market, Accenture has both the consulting heft to go head-to-head with the consulting giants and the technical bench to give the SIs and IT majors a run for their money.

The proof is in the pudding. Accenture’s revenues specific to its cybersecurity practice have more than doubled over four years, and it is now a multi-billion-dollar unit in its own right. It’s supported, of course, by its innate ability to grow inorganically where organic development doesn’t match its ambitious roadmap, which has seen the firm plug in three significant acquisitions in 2020 already: Symantec’s Cyber Security Services business, Context Information Security, and Revolutionary Security. Let’s examine how each of these acquisitions supports Accenture’s vision of becoming the go-to end-to-end security services firm.

Context Information Security adds cyber expertise and boosts UK presence

Context Information Security was a smart buy that brings in a broad spectrum of cyber capabilities, including managed services, cyber defense, and offensive expertise to help clients understand their vulnerabilities. One of the acquisition’s least touted benefits is the large quantity of localized talent the firm brings—particularly in the UK. Based in Cheltenham, the home of GCHQ, Context adds over 250 security professionals spread across the UK, Germany, the US, and Australia—all markets where cyber talent comes at a significant premium—helping the firm power an ambitious growth strategy in key markets, mainly the UK.

Revolutionary Security supports IT and OT estates to secure complex business environments

Revolutionary Security has an extensive heritage supporting complex infrastructure environments that focuses on covering both IT and OT (operational technology) estates. As digital technologies push valuable data and, by extension, vulnerabilities outside of enterprise headquarters, the need for a suite of services and solutions to combat threats in IT and OT environments will become more critical. Specific industries, such as oil and gas, are already facing myriad threats pushing outside of the remit of traditional cybersecurity solutions. For Accenture, Revolutionary Security may be one of the least-discussed acquisitions of 2020, but it could quickly become the most valuable as Accenture pushes harder into OT on its mission to deliver end-to-end cyber services.

Symantec CSS brand cache and customer bring a scalable platform and industry leading data set to Accenture’s arsenal

Buying Symantec’s sprawling CSS business may look to some like a scale play—but that’s only half of the story. The acquisition does add another 300 security professionals spread around the globe and the brand cache that comes with bringing in expertise from one of the best-known cyber firms in the commercial and consumer market. It also has a platform capability that includes one of the largest log collections of any market solution, offering a wealth of threat intelligence data alongside a talented team that knows how to mine it for contextual insights for clients. Accenture also benefits from a loyal Symantec customer base that will be eager to stick with their trusted cyber team, but the new customers also present a valuable cross-selling opportunity for the firm’s now sprawling solution portfolio.

The Bottom Line: Accenture’s goal to be THE end-to-end security firm is a bold target, but given its willingness to invest, enterprises would be foolish not to take a more in-depth look at its growing capabilities.

After a candid conversation with Accenture’s security executives, it becomes clear that the firm is on a mission to bring clients what they need in the cybersecurity market—specifically a single portal to assurance, compliance, resilience, and simplicity. This strategy is an ambitious one, and many of Accenture’s competitors also want to pursue it as the cyber market evolves to become a source of significant enterprise investment. If Accenture continues to build out its roadmap, it could become a reliable lighthouse in the choppy cybersecurity waters—a welcome beacon when many enterprises already find themselves struggling to keep afloat in a deluge of new services and solutions and a rapidly evolving threat landscape. This approach isn’t without its challenges. Bedding in these investments and retaining talent in a competitive labor market must be high on the agenda for the foreseeable future.