How do cyber security companies work?

All the cyber security related firms, like most of the companies in the field of computers and software, are into either service-based sector or product-based sector.
In the service-based line, there can be a range of services being offered by the company to its clients. It can come in the form of consulting, setup, and deployment, managing of the existing security setup, research into various areas for update and improvements, assessment through penetration testing and development based on evolving vulnerabilities, assessment of the security architecture and its designing for improvements, managing networks, internal applications etc.
The Product-based line is generally focused on software or hardware that focuses on a particular aspect of the security architecture. The hardware product line has been slowly being replaced by the software line as the companies are moving towards digitalization and cloud services.
The companies have to invest hugely in research and development of their products and services given that the sector is one with rapid innovations to stay ahead of the curve, and the cyber criminals with malicious intentions also do the same, trying to come up with new tools and viruses to set up attack. Hence, the companies need to take services of ethical hackers along with their usual Cyber Security and IT team to understand the mindset and approach behind the attack.

• Cyber Security companies work like any other software company. Some of them are product based while others are service based.
• Product based companies build a software or hardware to deal with one or more Cyber Security issues. The focus of the companies is shifting towards software as people are moving towards adopting cloud and visualization.
• Service based companies concentrate on consulting and research in the cyber space.
• In contrast to other industries, cybercriminals are a separate group of people that operate in the services space to design technologies that aid in cybercrime.
• Because cybercrime is a thriving market in and of itself, we discover developers and researchers generating malware and other forms of threats.
• It essentially works like an insurance company wherein the provider has to make the customer realize the existence of threat and provide solutions accordingly.
• Examples of services/products these companies offer - Managed services, software tools, penetration testing, systems auditing, vulnerability research, and consultancy are all examples of outsourced technology support.