PEST analysis is essential for every business that wants to become and stay successful. Its main goal is to identify external forces that may affect the organization’s performance and profitability. Political-legal, economic, social, and technological factors all contribute to demand fluctuations for IT security solutions. The framework’s political-legal aspect remains the most influential as most countries perceive cybersecurity as a part of their national security policy, especially those with developed digital infrastructure and digital economy (Kovács, 2018). Cybersecurity laws (on cybercrime, cyberterrorism) and related standards significantly influence the market and demand for security products (Thoretz & Hartley, 2020). Such socio-cultural factors as lack of cybersecurity awareness and hacker behavior changes also drive demand for specific solutions.
For instance, in the US, hackers continue to shift their attention towards small businesses (SMBs) as they cannot counter possible attacks. According to Ladeau (2019), 58% of cyberattacks targeted SMB’s in 2018, whereas their employees received more email threats than those working in larger organizations. Moreover, it was found that 62% of SMBs do not have specially trained staff capable of managing cybersecurity issues (Ladeau, 2019). In response, the Small Business Development Center Cyber Training Act of 2019 was introduced in previous Congress. It would require SMBs to hire certified cybersecurity counselors to prevent and protect their enterprises. SMBs generally do not expect to be ransomware targets; thus, they usually lack preparedness and cybersecurity awareness. Such companies also lack underwriting data or have insufficient storage for it. In this case, the change to hackers’ behavior and related legal response may lead to a surge in demand for anti-viruses and firewalls and more advanced detection and response tools. What is more, small businesses would demand private cybersecurity firms that offer protection solutions and consulting.
Another example is the relatively new EU privacy law that affected the business worldwide and security providers operating in Europe. The General Data Protection Regulation (GDPR) was enforced in 2018 to give customers more control over their personal data, such as medical information, bank details, name, and photo (Lund, 2021). This regulation requires all organizations that deal with personal data to appoint a data controller officer. Moreover, GDPR allows the collection of customer data only if the customer gives his/her consent and if there are reliable technical measures to protect this data against exposure or loss (Yu & He, 2019). High requirements and fines for non-compliance, together with customers’ privacy concerns, make businesses comply and embrace security measures.
Compliance became a requirement for the right brand image, trust between customers and company, and overall service reliability. Thus, most large companies perceive it as an opportunity and put substantial efforts and capital into data security improvement. For that reason, more and more enterprises continue to drive demand for IT security solutions to comply with GDPR. More than 25% of European companies are only at their start of security improvement (De Groot, 2020). For that reason, product developers and service providers should expect a surge in demand and seize on the momentum for profits.
To conclude, PEST analysis provides firms with external forces overview to predict demand and finally adjust the strategy. The political-legal factor was found to be the most important at the moment, as nations continue to enhance laws in order to protect personal data and counter various cyberattacks. Global standards of cybersecurity are mandatory for IoT and other companies dealing with personal data. Laws that require the application of IT professionals and special security tools drive the demand for security solutions providing the opportunity to the cybersecurity industry.
References
De Groot, J. (2020). What is the General Data Protection Regulation? Understanding & complying with GDPR requirements in 2019. DataInsider. Web.
Kovács, L. (2018). National cybersecurity as the cornerstone of national security. Land Forces Academy Review, 23(2), 113-120.
Ladeau, J. (2019). Legislation highlights why cyber market should keep watch on small business risk. Insurance Journal. Web.
Li, H., Yu, L., & He, W. (2019). The impact of GDPR on global technology development. Journal of Global Information Technology Management, 22(1), 1-6.
Lund, J. (2021, January 14). What is GDPR and how does it impact your business?. SuperOffice. Web.
Thoretz, W., & Hartley, K. (2020). UK enterprises seek cyber security providers to help with new regulations. Intrado GlobeNewswire. Web.