Cyber attacks mean big business for small security firms
With cyber attacks continuing to bombard government agencies and companies, there's growing pressure to spend more on securing the networks and platforms where valuable information lives. And this bodes well for security companies - small as well as large.
Cyber criminals aren't the only ones cashing in on espionage and hacking attacks. There are a slew of smaller security software companies that are also poised to rake in profits as cyber threats mount.
With cyber attacks continuing to bombard government agencies and companies, there's growing pressure to spend more on securing the networks and platforms where valuable information lives. And this bodes well for security companies - small as well as large, experts say.
"There is a huge amount of runway for security software companies to sell their technology to enterprises around the world to guard against hackers and protect loss of data that could be devastating to companies," said Daniel Ives, an analyst at FBR Capital Markets.
In fact, only 15 to 20 percent of all private enterprise and federal agencies combined have upgraded their security to the level needed to keep up with the current state of threats, Ives said, which makes it a ripe market for investing.
"I think part of what's happened is there are much more sophisticated types of security out there now that could guard against the threat environment and its brought security software to the top of IT spending lists," he said. "You can't put security spending into the closet anymore."
Companies that are focused on network security are some of the best plays in the space, he said.
Some high growth security software companies that have carved out solid segments in the sector include Palo Alto Networks, Fortinet and Sourcefire, said Ives, who has a buy rating on those stocks.
"Those three," he said, "have separated themselves from the pack. They are focused on network security, and a good proportion of spending is on the network."
Other companies that are also likely to get a boost are Imperva and Proofpoint, he said.
One of the biggest spenders on securing valuable data on networks is the US government.
While US budget cuts continue to stifle federal spending in many departments, the Defense Department is actually planning to ramp up its cyber security spending both defensively and offensively. The Pentagon increased its cyber-operations budget to USD 4.7 billion for 2014, up from USD 3.7 billion this year, according to budget documents.
"There's more potential data being lost in this country than we saw throughout the whole Cold War. It may not be physical, you may not be able to see it, but the amount of data being taken is the equivalent of cargo ships docking on our shore and leaving with our goods," Ives said.
Columbia, Md.-based Sourcefire, which was founded in 2001 and went public in 2007, is one of the companies that will benefit the most from federal spending, Ives said.
"They really skated to where the puck was going. Federal spending was under pressure," he said. "But what was once a headwind has become a strong tailwind for the company."
But it's not just the government ramping up spending, companies across all sectors are boosting their investments in security, said Jason Brvenik, vice president of security strategy at the security firm Sourcefire.
"The reality is no one is safe anymore," Brvenik said. "If you are a company and you have something valuable, they are going to come after you persistently."
One area where fighting cyber attacks will be very profitable is in protecting critical infrastructure - like the electrical grid, water systems and nuclear plants - said Stuart Carlaw, the chief research officer at ABI Research.
Total global spending on security infrastructure is expected to reach USD 86 billion by 2016, up from an estimated USD 65.7 billion this year, according to the Gartner technology firm. And securing electrical grids alone from cyber attacks will be a USD 2.9 billion market by the end of this year, according to ABI Research.
"It really is the wild west, that is the fundamental thing," Carlaw said. "Everyone says the next world war will be a cyber one, but we are already fighting the next world war."
Sourcefire is also one of the biggest players in securing critical systems, as well as a handful of defense contractors - including Lockheed Martin and Northrup Grumman - and other networking companies like Cisco, that also play in this sector, Ives said.
The boom in cyber security spending has also fueled a surge of tech security acquisitions and investments.
Venture capitalists are investing in newer areas in cyber security that haven't fully developed, including mobile security providers and companies focusing on helping the government's offensive strategy, Ted Schlein, a general partner at Kleiner Perkins Caufield and Byers, said on CNBC's "Closing Bell" earlier this year.
"I think there is going to be a new area around offensive cyber, meaning that it's not going to be good enough that we are trying to prevent ourselves from attack, but eventually the government ... will want to set up offensive capabilities," Schlein said. "And that's in event that it's needed for some purposes for the defense of our country. And that's going to create a whole new industry segment."
Endgame Systems, in which Kleiner Perkins has invested, is one of the companies focused on developing offensive technologies and in March it landed USD 23 million backing led by Paladin Capital.
Another example, AirWatch, a mobile security company, raised USD 200 million in February from Insight Ventures and USD 25 million in May from Accel Partners and Insight Ventures, according to CB Insights.
There have also been a number of acquisitions.
The McAfee security firm bought the security company Stonesoft earlier this month for USD 389 million and Blue Coat, which is a web security firm owned by the private equity group Tom Bravo, snagged the Intel-backed security company Solera last week for an undisclosed amount.
Most recently, Vista Equity Partners shelled out USD one billion to acquire Websense, which secures messages and other data.
"Because of the core [intellectual property], strong market opportunity and mature growth, a lot of private equity investors look at these companies and see ways that a lot of fat can be cut and made more valuable," Ives said. "If you put it all together, it's really the ingredients for a surge of M&A activity, as well as on IPO activity."