Market Updates | 28th May 2021
The pandemic is accelerating the pace of change right across the professional services sector, amplifying pre-crisis trends as well as triggering entirely new ones. We’ll be keeping tabs on these over the coming months: We’ll be reporting back on what clients are telling us and how we see different segments of the professional services sector perform, as well as highlighting emerging opportunities and challenges. As always, we’ll be taking a fact-based approach. Our market sizing data comes from our unique model of the professional services sector, with more than $1tn of revenues broken down by sector, geography, and capability. Our forecasts are constantly updated to reflect the latest market data we have available from firms and their clients. Client data comes from our rolling programme of quantitative research and interviews.
Betting on risk?
Post-crisis, many professional services firms and investors are weighing up opportunities in the risk services space.
We estimate that the market for risk-related professional services was worth around US$149bn1 in 2020. The market is so large (roughly 15% of the total professional services market) because of the very broad range of activities that now fall under the heading of risk, which includes regulatory-driven compliance, cybersecurity and other technology-related issues, and the more traditional areas around governance, risk and compliance (GRC), and internal audit. Post-pandemic that definition is likely to be stretched even further: Now acutely aware of their exposure to a whole array of previously invisible risks, clients are now rebadging some work in other areas (e.g., supply chain) as risk. That’s probably a genuine reflection of their increased sensitivity to the range of challenges they face, but also a pragmatic recognition that risk-related projects are among the most likely to get funding—it’s a brave organisation that is willing to be seen cutting corners in this field.
The size and range of risk-related projects mean that many different types of firm can now claim a presence in this market: It’s no longer the sole preserve of the Big Four and risk specialists, although the former still have the largest share overall (around 21%, we estimate, with other non-Big Four assurance firms having a 9% share). The 17% share that technology firms have is a testimony to how umbilically attached the areas of risk and technology have become: dedicated cybersecurity firms have a 9% share, and network engineering firms a further 7%. Beyond this “core”, an increasingly diverse supplier base includes law firms (a 3% share that results from risk and regulatory-related disputes), and business process outsourcing companies (whose 4% share stems from taking over risk work previously done in-house by clients themselves).
However, viewing the risk market from this macro level misses significant variation in performance. Like most other parts of the professional services industry, the performance of risk-related services during the pandemic was mixed, with demand for some services growing significantly, but often at the cost of those perceived to be more discretionary. As the following chart illustrates, year-on-year growth in 2020 ranged from +23% for cybersecurity incident response to -21% for physical security strategy. Technology-related services typically saw positive growth, so too did operational risk and crisis management; however, some of the most established markets contracted: risk governance was down by 15%, and internal audit by 6%.
The key question for strategists and investors in risk-related services is the extent to which performance in 2020 presages performance in the next 2-3 years.
Clearly, some of best and worst performing parts of the market reflect the specific opportunities and challenges of the pandemic: The mass move to remote work triggered a wave of cybersecurity work; fragile supply chains meant a greater investment in operational risk; the growth in environmental risk can probably be attributed to a heightened sense of overall vulnerability as a result of COVID (many clients of professional services we speak to as part of our on-going research expect the next decade to be one of almost continual crisis). At the other end of the spectrum, there’s been less need in the last 12 months for organisations to review the security strategy of their—temporarily empty—buildings. This suggests that some of these peaks and troughs will be less extreme going forwards.
However, in other areas last year’s performance is likely to be indicative of underlying structural change, with compliance risk perhaps the best example of this phenomenon. Last year saw many client organisations attempt to cut the compliance part of their professional service bill, only to discover that the work involved was more than simple box ticking and required expertise. As a consequence, cutbacks early on in the crisis were followed by a return to business-as-usual usage. What this revealed, however, was a desire among client organisations to ensure they complied with all necessary regulations at the lowest possible costs—something that will translate into a market in which compliance-related work remains high in volume terms, but at a lower margin. Automation and other cost-saving measures will be crucial to ensure that suppliers in this market can maintain their pre-crisis profit levels.
Success in this market, therefore, will depend not only on identifying the highest growth areas of the market, but on having the right business model.