BAE Says Cyber-Security Is Survival of Fittest as Field Shrinks

BAE Systems Plc, Europe’s largest defense company, predicted the field of military contractors selling data-protection contracts will shrink as increasingly sophisticated demands from clients push out some competitors.

“While there are 20 companies piling in and competing, that is not the long-term outcome,” David Garfield, managing director for cyber-security at BAE’s Detica unit, said in an interview. Only four or five providers will likely prevail, with Detica trying to assure it is among them, he said.

BAE acquired Detica Systems for 531 million pounds ($800 million) in 2008 to expand in security sales as rivals including Northrop Grumman Corp. and defense-market leader Lockheed Martin Corp. began pursuing the sector. Companies are increasingly targeting business from commercial and foreign clients, rather than solely from their main governments.

“We’re getting pulled into almost every sector,” Garfield said. While the defense and financial services industries have led efforts to thwart so-called cyber-attacks, other segments are starting to recognize the threat to their business, he said.

The BAE unit has seen a shift away from a U.K. market that accounted for more than 90 percent of sales before the takeover. Today, about 50 percent of revenue comes from overseas, Martin Sutherland, Detica’s managing director said in the interview.

Government Endorsement

“Certainly the most interesting market for us is the commercial market,” Sutherland said. Cyber-security activities account for about 25 percent of Detica’s sales, with the rest from data-management services and financial compliance.

BAE is seeking to use credentials gained from working with military and intelligence agencies. Efforts are being aided by the British government amid concern that cyber intrusions targeting theft of intellectual property at U.K. companies may harm long-term growth prospects.

To help build awareness, the government has sponsored initiatives such as naming four companies, including BAE and European Aeronautic, Defence & Space Co., as endorsed entities for others to call on if networks are attacked.

BAE is also working with the Government Communications Headquarters spy agency to protect the defense establishment.

Detica is betting that a strategy focused on analyzing complex data to catch attackers that have infiltrated a company’s network will prevail over simple efforts to keep attackers from breaking in.

“The days of trying to build a castle around your systems and keep the bad guys out are gone,” Sutherland said. “You have to continuously monitor your networks to look for things that are anomalous.”

Before it's here, it's on the Bloomberg Terminal.