Formerly known as Wikibon

Breaking Analysis: Investors Cash in as Users Fight a Perpetual Cyber War

Despite the more than $100B spent each year fighting cybercrime, when we do an end of year look back and ask, “how did we do” — the answer is invariably the same; worse than last year. Pre-pandemic, the picture was disheartening. But since March of 2020 the situation has only worsened as cybercriminals have become increasingly sophisticated, better funded and more brazen. SecOps pros continue to fight, but unlike conventional wars, this one has no end. The flip side of course is that markets continue to value cybersecurity firms at significant premiums because this huge opportunity will continue to grow by double digits for the foreseeable future. 

In this Breaking Analysis, we share our quarterly look at the state of cybersecurity, with a focus on 2021 and beyond. We’ll update you with the latest survey data from Enterprise Technology Research and convey the fundamentals that have investors piling into the security space like never before. 

Cybersecurity remains the #1 priority for CIOs & CISOs

The latest ETR survey once again asked IT buyers to rank their top priorities for the next twelve months. In the last three polling periods, dating back to March 2020, cybersecurity has outranked every top spending category including cloud, data analytics, productivity software, networking, AI & automation/RPA. 

This shouldn’t surprise anyone but it underscores the challenges organizations face. Not only are they in the midst of a non-optional digital transformation, but they have to also fund a cyber war that has no ceasefires, no truces…no exit path.

Ransomware has Become a Household Word

There’s much more going on in cybersecurity than ransomware but that certainly has the attention of executives. And it’s becoming more and more lucrative for attackers. Below a snapshot of some of the more well documented attacks this decade, many which have occurred in recent months. 

CNA financial got hit earlier this year and paid a $40M ransom. The Health Service of Ireland got hit this year and refused to pay the ransom. It’s estimated that the cost to recover and the damage to the organization exceeded half a billion dollars. The JBS Meat Company hack…$11M paid. CWT travel $5M. The disruption from the Colonial Pipeline Company was widely reported and they paid more than $4M as did Brenntag, the chemical company. The NBA got hit and so did computer makers Quanta and Acer.

More than 2,000 ransom attacks were reported to the FBI in the first seven months of 2021, up more than 60% from 2020.

As we’ve said many times, you don’t need to be a genius to be a ransomwarists today. Anyone can go on the dark Web and tap into ransomware-as-a-service. Attackers have insidious names like Darkside, Evil, the Cobalt Crime Gang, Wizard Spider, the Lazarus Gang and numerous others. Criminals have established negotiation “desks” as most typically the attackers demand a specific amount of money but are willing to compromise in an exchange of cryptocurrency for decryption keys. 

As mentioned, it’s not just ransomware…supply chain attacks like the Solarwinds hack hit organizations within the U.S. government and companies like Mimecast. While these attacks often do end up in a ransom situation, the attackers sometimes find it more lucrative to “live off the land” in stealth fashion and exfiltrate sensitive data. This data can be sold or – as is often the case with many financial institution attacks – surveillance information from a chief investment officer can provide signals for an upcoming trading strategy, which attackers can front run. 

Of course, phishing remains one of the most prominent threats..only heightened by the work from home trend as users bring their own devices and less secure home networks. 

A Silver Lining for Investors

If there’s a problem, entrepreneurs and investors will be there to solve it. Below is a LinkedIn post from one of the top investors in the business, Mike Speiser. He was the founding investor in Snowflake and helped get Pure Storage to escape velocity and many others. His company, Sutter Hill Ventures, is co-leading a $1.3B Series D on an $8.3B valuation. 

Lacework is a threat detection software company that looks at security as a data problem and monitors exposures across clouds. So watch for that company to soar. 

VC Money Pours in

The right hand chart shows venture investments in cybersecurity over the past several years. You can see it exploded in 2019 to $7.6B– and people thought the market was peaking at that point. But investments rose a bit to $7.8B in 2020 in the middle of a lockdown. The hybrid work, cloud and new normal thesis kicked in full gear this year with nearly $12B invested in the first half of 2021 alone. 

No Shortage of Choices for Buyers and Investors Alike

The money keeps coming as the problems gets worse. And the market gets more and more crowded. We like to show the slide below from Optiv. It’s their security taxonomy that will make your eyes cross. There are many companies in different sectors of the market. 

Comparing Cybersecurity Peer Companies

Let’s reduce the list down a bit and bring up some ETR data. 

The chart above is based on survey data from October that shows Net Score or spending momentum on the vertical axis and Market Share or pervasiveness on the horizontal axis. That’s a measure of mention share if you will. This is the information security sector within the ETR taxonomy with no filters in terms of the number of responses. In other words, this represents every company ETR picks up from its buyer surveys and is obviously a subset of the Optiv graphic. 

Companies above the red line are considered to have highly elevated spending momentum on their products. And you can see there are a lot of companies that in this map and several above that magic mark. 

The momentum of Microsoft and Palo Alto is most impressive because of their pervasiveness in the study. With Cisco and Splunk quite prominent as well. And you can see the companies that have been real movers in the market lately like Okta, Crowdstrike, Zscaler, CyberArk, Sailpoint, Auth0..companies we’ve extensively covered in previous episodes as the up and comers. 

And it’s interesting that Datadog is showing up on the vertical axis as they’re becoming more and more competitive to Splunk in this space. The lines are blurring between observability and log analytics and security…and as we’ve previously reported, backup and recovery. 

Further Narrowing the Field

Let’s simplify this picture even more and filter the data to those companies with more than 100 responses in the ETR data set. The chart below shows the same XY view but we require more than 100 responses to be displayed here. In other words, the companies must have a notable market presence to make the cut.

It’s perhaps a bit less crowded but still very much packed, isn’t it? You can see firms that are less prominent in the space like Datadog fell off. The big companies we mentioned are still in — Microsoft, Palo Alto, Cisco and Splunk. And then those with real strong momentum that are somewhat smaller but gaining in the market – Okta with Auth0, which Okta acquired – as we discussed earlier this year – both showing strong. As are Crowstrike, Zscaler and CyberArk, which does identity in competition with Okta. And SentinelOne, which went public mid this year. The company uses AI to do threat detection and has been doing well. Sailpoint and Proofpoint are right on that red elevated line and then a big pack in the middle. 

This is not an easy market to track as virtually every company plays in security. For example, AWS has some of the most advanced security in the business and they’re not in this chart. Yet Microsoft is. And it’s because much of AWS’ security is built into services and Amazon customers leverage the ecosystem and often associate their security with partner products. 

And you’ll see networking companies like Juniper in the ETR data; and players like VMware, which has been acquisitive (e.g. Carbon Black); and many legacy players like Mcafee, RSA and IBM. 

So virtually every company has a security story and that will only become more common in the coming years. 

Charting the Top 10 and Beyond

Below is another look at the ETR data. It’s in a raw form but will give you a sense of two things: 1) How the data from the previous chart is plotted; and 2) A time series of this data. 

The data lists the top companies in the ETR data set sorted by the October Net Score in the rightmost column. Again that measures spending momentum. To make the cut here you had to have more than 100 mentions shown on the left as Shared N – i.e. shared accounts in the data set. And you can track the data from last October, July 2021 and the most recent October survey. 

We drew the red line at just about the 40% Net Score mark and coincidentally there are 10 companies over that figure. We sometimes call out the four star companies as those with both the top ten in spending momentum and the top prominence (Shared N) in the data set. So some of these ten would fit that profile by that methodology. Specifically Microsoft, Okta, Crowdstrike and Palo Alto Networks would be four star companies. 

A couple of other things to point out here. DDOS attacks are still a real threat and a company like Cloudflare, which is just above the red line plays in that space. 

Now we’ve also shaded the companies in the fat middle. Many of these, like Cisco and Splunk for example, are major players in the security space with strong offerings and customer affinity. So this is what makes the security market so interesting – it’s not like the high end disk array market where literally every single company in the Gartner Magic Quadrant is in the upper right. 

This market is diverse with many segments and sub-segments and it’s such a vital space and there are so many holes to fill…with an ever-changing threat landscape as we’ve seen these past two years. 

Wall Street has Rewarded the Opportunities

The growth and diversity in the cybersecurity market make it good hunting ground for investors. There’s plenty of room for more growth…and not just from stealing market share – that opportunity is there – but things like cloud, multi-cloud, shifting endpoints, edge and so forth just make this space ripe for investments. 


To underscore this point, we put together the above chart of some of the pure play security firms to see how their stock performance has done recently. 

The chart shows stock performance and current valuations with the crosshairs at March 1, 2020 – just before lockdown. It’s not hard to see that Okta, Crowdstrike, Zscaler on the left have been big movers. SentinelOne IPO’d mid this year so we don’t show pre-pandemic data for them, but it’s quite obvious that since the lockdown, these six companies have been on a tear. And the most powerful fundamental is hybrid work from home has created a shift in spending priorities for CISOs. 

No longer are organizations just spending on hardening a perimeter. That perimeter has been blown away…the network is flattening…work is what you do…it’s no longer a place. As such threats are on the rise and cloud, endpoint and identity access tools have become increasingly vital. 

So it’s no surprise that the players we’ve listed here – which play quite prominently in those markets – are all on fire. 

The Half Full Scenario

In summary, we want to stress that while the picture is sometimes discouraging, the entire world is becoming more and more tuned in to the threat. And that’s a good thing. Money is pouring in. Technology got us into this problem and technology is a defensive weapon that we’ll use to continue this fight. 

But it’s going to take more than technology.

We get dozens and dozens of inbounds this time of year because we do an annual predictions post so folks want to help us out. Now most of these predictions are just observations…or non-predictions that can’t be measured – as in “were you right or wrong?” For the most part, we like predictions that are binary. 

For example. Last December we predicted that IT spending in 2021 would rebound and grow at 4% relative to 2020. That appears to be a prediction that was off. We think it’s going to grow more like 7%. Not to worry…plenty of our predictions came true but we’ll leave that for another day. 

At any rate – we got an email recently from Dean Fisk of Fisk Partners – a PR firm representing Lyndon Brown, Chief Strategy Officer of Pondurance. Pondurance is a security consultancy. And the email had the standard “hey in case you’re working on a predictions post this yearend…” But instead of sharing a bunch of non-predictions, the note said “here are some trends in cybersecurity that might be worth thinking about.” And there were a few predictions sprinkled in. 

So we want to call out a couple from Lyndon Brown – whom we don’t know…never met the guy- but we thought his trend analysis was thoughtful. 

First we’ll share a stat that the United Nations reports cybercrime is up 600% due to the pandemic. Ugh. 

Ok but Lyndon’s first point was that the hybrid workplace will be the new frontier for cyber. Yes…we totally agree – there are permanent shifts taking place and actually we predicted that last year. But he further cited that many companies went from zero to full digital transformation overnight. And many are still on that journey. And his point is hybrid work will require a complete overhaul of how we think about security. Very true. 

The other point that stood out is that governments are going to crack down on bad behavior. We’ve seen this where cybercriminals have had their infrastructure dismantled by governments – no doubt the U.S. government has the capabilities to do so. But this is tricky as Robert Gates, former Defense Secretary told us on theCUBE a few years back. He said while we have the best offense…we also have the most to lose, so we have to be very careful and judicious. But Lyndon’s key point was you are going to see a much more forward and aggressive public policy and new laws that give crime fighters more latitude. Again this is tricky – like the Patriot Act was – but it’s coming. 

Another call out from Lyndon we’ll share is his assertion that natural disasters will bring increased cyber risk. This is an astute point. Natural disasters are on the rise and when there’s chaos…there’s cash opportunities for criminals.  

We’ll add that the supply chain risk is far from over. This is going to be a continuing theme this coming year and beyond. And one of the things Lyndon Brown said in his note is essentially you can’t take humans out of the equation. Automation alone can’t solve the problem – but some companies operate as though it can. Just as bad human behavior can trump good security – good human education and behavior will be a key weapon in this endless war. 

The last point we would make is we expect to see continued escalation. Government crackdowns will bring retaliation and to Gate’s point – the U.S. has a lot at stake. So expect insurance premiums to go through the roof – assuming you can even get cyber insurance. And so we should hope for the best but for sure we must plan for the worst. Because the enemy is coming on strong and they won’t stop.

Deploy technology aggressively, yes. But people and process will ultimately be the other key ingredients that allow us to live to battle for another day. 

Keep in Touch

Remember we publish each week on this site and siliconangle.com. These episodes are all available as podcasts wherever you listen.

Email david.vellante@siliconangle.com | DM @dvellante on Twitter | Comment on our LinkedIn posts.

Also, check out this ETR Tutorial we created, which explains the spending methodology in more detail.

Watch the full video analysis:

Note: ETR is a separate company from Wikibon/SiliconANGLE.  If you would like to cite or republish any of the company’s data, or inquire about its services, please contact ETR at legal@etr.ai.

All statements made regarding companies or securities are strictly beliefs, points of view and opinions held by SiliconANGLE media, Enterprise Technology Research, other guests on theCUBE and guest writers. Such statements are not recommendations by these individuals to buy, sell or hold any security. The content presented does not constitute investment advice and should not be used as the basis for any investment decision. You and only you are responsible for your investment decisions.

Keep in Touch

Thanks to Alex Myerson and Ken Shifman on production, podcasts and media workflows for Breaking Analysis. Special thanks to Kristen Martin and Cheryl Knight who help us keep our community informed and get the word out. And to Rob Hof, our EiC at SiliconANGLE.

Remember we publish each week on theCUBE Research and SiliconANGLE. These episodes are all available as podcasts wherever you listen.

Email david.vellante@siliconangle.com | DM @dvellante on Twitter | Comment on our LinkedIn posts.

Also, check out this ETR Tutorial we created, which explains the spending methodology in more detail.

Note: ETR is a separate company from theCUBE Research and SiliconANGLE. If you would like to cite or republish any of the company’s data, or inquire about its services, please contact ETR at legal@etr.ai or research@siliconangle.com.

All statements made regarding companies or securities are strictly beliefs, points of view and opinions held by SiliconANGLE Media, Enterprise Technology Research, other guests on theCUBE and guest writers. Such statements are not recommendations by these individuals to buy, sell or hold any security. The content presented does not constitute investment advice and should not be used as the basis for any investment decision. You and only you are responsible for your investment decisions.

Disclosure: Many of the companies cited in Breaking Analysis are sponsors of theCUBE and/or clients of theCUBE Research. None of these firms or other companies have any editorial control over or advanced viewing of what’s published in Breaking Analysis.

You may also be interested in

Book A Briefing

Fill out the form , and our team will be in touch shortly.

Skip to content