2016 has been a bumper year for the cyber security industry, with a series of high-profile breaches only set to drive demand for security services higher in the coming years.
According to the Q4 2016 Cybersecurity Market Report from Cybersecurity Ventures, the industry will be worth $1 trillion between 2017 and 2021. This might seem a lot if not for the fact that the report also predicts that cybercrime will cost the world $6 trillion a year by 2021.
The industry certainly looks set for growth, but what will be the biggest areas of growth and where are the industry’s trend-setters and veterans putting their money?
The US-based company ThreatQuotient and its CEO John Czupak are making a big bet on one particular area: threat intelligence.
The company has secured two rounds of funding netting $22 million, grown its team from 10 to 60 employees in six months and assembled a Board including former execs from Cisco.
Czupak has form in raising valuations in the cyber security, having worked at Sourcefire, which was acquired for $2.7 billion in 2013.
He believes that his company’s threat intelligence platform, which essentially processes data from a range of sources and serves it up to IT professionals as workable information, is the next big wave in cyber security.
Why? The mindset in cyber security has changed, and the continuing wave of high-profile breaches is certainly not about to change it back.
“The industry has already shifted from a defend/protect model to a detect/respond model,” Czupak tells CBR.
“The old way used to be build walls and moats, protect everything.
Czupak says that the computing landscape doesn’t support that model anymore. He highlights mobile and the cloud as two technologies that have dissolved traditional enterprise perimeters.
“Organisations have finally admitted that they’re not going to block everything and sleep well at night. The reality is I will get compromised at some point.
“To the extent that I can reduce my attack surface there is value in that. But I had better be prepared with some plan for not if, when I get compromised.”
Czupak says that the big players in security will have to get into this market at some point.
While an acquisition is not planned, Czupak would not rule it out either. He says that being acquired is not the focus right now.
“I wake up every day and we’re not for sale, and I wake up every day knowing we’re always for sale. That does not mean it’s the goal but it’s the reality of our industry.”
Indeed, ThreatQuotient is not the only company betting big on cyber security intelligence and how it is presented to security professionals.
For example, Tanium, which touts itself as a security search engine for the enterprise, has netted funding from seasoned tech investor firms such as TPG, Institutional Venture Partners and Franklin Templeton and Geodesic Partners pushed Tanium’s value to $3.5 billion.
Again, Tanium’s model is based not around keeping threats out but on visibility.
Another long-term cyber security investor who is seeing potential in a new category is Shlomo Kramer, the billionaire co-founder of Check Point, the Israeli security company which created the first commercial firewall.
Kramer is currently the CEO of Cato, which provides a secure cloud network to enterprises. Network elements at the customer organisation are connected securely through the cloud network, including branches, mobile users, physical and cloud data centres.
According to Kramer, the opportunity in this space is worth $72 billion.
Kramer tells CBR that there are two types of cyber security start-ups he invests in.
“One is the start-up that says there is a new market. Once there is a new category of IT like mobile, we need to secure this.
“The second type is companies that are disrupting existing categories. Cato is an obvious example,” he says, saying the company is changing the MPLS market by dramatically reducing cost.
These more specific categories are not the whole story, and the windfall from cyber security growth could spread to a range of companies. For example, the full service security company ECSC, based in Bradford, recently announced an IPO on the AIM in the UK, targeting a £15 million float.
However, as some of the above examples show, the cyber security industry still has plenty of avenues to explore for growth.