I thought it would be interesting to extract the number of cybersecurity vendors by year founded from the Directory portion of Security Yearbook 2021. At first glance, the result is surprising.

Chart of founding years of cybersecurity companies
Companies founded per year

Only thirteen new cybersecurity vendors in 2020! A total of 41 the year before. That seems extremely low compared to previous years. Has the industry peaked? Have we solved security?
Of course, no. The above chart has to be viewed in light of how I record data for the Directory. There are 2,615 vendors represented. These are only vendors I know about. There are likely many more vendors that started last year but are still in stealth mode. We won’t learn of them until one to three years down the road.
Why the peak of 239 vendors in 2015? Once again, it’s because of the way I decide which vendors are included in the Directory. A year after a vendor gets acquired it is no longer included in the Directory unless the brand stays alive. For instance, Recorded Future is still in the directory, because it was acquired by an investor. iSIGHT Partners is not, because FireEye folded it into their other operations.
Because the vendors founded in 2015 are all six years old this year I expect many of them to be acquired in coming years. Note that there were 225 acquisitions last year alone.
An interesting metric to track is the average age of cybersecurity vendors, 11 years.
There are companies in the Directory that date all the way back to 1901 (BSI, a standards body, but also a training organization). And Spirent (83 years) which started life as a phone equipment testing company but now has a cybersecurity testing arm. Companies like Check Point, CBL Data Recovery, Absolute Software, BIO-key, and Apcon, are all 27 years old, founded in 1993.
The very oldest cybersecurity company is Bundesdruckerei-Gruppe, an identity company in Germany. It was founded in 1763.