Confronted with the harsh reality that the Defense Department is facing well over $500 billion in budget cuts over the next decade, defense contractors across the country have begun scrambling to cut costs and are contemplating fundamental changes in a bid to survive. But such concerns are non-existent in one defense specialty — cybersecurity – which continues to grow briskly and attract investors. Moreover, the horizon is cloudless.
This makes perfect sense. Cyber attacks continue to mushroom and grow increasingly sophisticated, and they undoubtedly target the private sector as much as the government sector. Organizations simply don’t have the option of not investing in cyber defense. In one of a continuing stream of big, worrisome attacks, for example, prominent cyber security firm Mandiant earlier this year blamed the Chinese military for stealing hundreds of terabytes of data from scores of organizations since 2006, mostly U.S. energy, aerospace, transportation and financial institutions.
The number of cyber attacks reported by federal agencies, which are more forthcoming than private companies, has soared 782% since 2006 to nearly 49,000 in 2012, according to the U.S. Computer Emergency Readiness Team. Last year alone, attacks jumped 13 percent.
In the private sector, companies that have acknowledged cyber attacks in the last two months include Apple, Twitter, The New York Times Co. and PNC Financial. Not surprisingly, a Deloitte survey last month of almost 2,000 executives found that 58% plan to boost spending on cyber security measures in the next 12 months and that 79% are not confident about the efficacy of their existing measures.
Investors of different stripes are pouring money into the cybersecurity sector. Venture capital-backed startup valuations have generally doubled in the last two years, according to Thomson Reuters (publisher of peHUB). Last year venture capitalists invested $1 billion in cybersecurity startups, an increase of 5%, while venture investing overall declined by 10 percent. That followed a 94% increase in cybersecurity financings in 2011, according to the National Venture Capital Association.
On other fronts, Madison Dearborn Partners has teamed with CoVant Management to form CoVant Technologies, an investment vehicle created to back cybersecurity companies, among others, that work with the government. Meanwhile, private equity firms Monument Capital and Enlightenment Capital are both raising sizable funds to invest in cyber defense opportunities and related areas.
Investors are capitalizing on the steep cost of ubiquitous cyber attacks in the United States and the rest of the world. Antivirus firm Symantec estimated the 2011 global price tag of direct financial loss and the cost of remediating attacks at $338 billion, excluding the theft of intellectual property and damage from data breaches. When the theft of intellectual property is factored in, the total tab is more than $1 trillion, according to former NSA head General Michael Hayden, who describes this theft as “the largest transfer of wealth in the history of mankind.”
IT security has been a problem for years, threatening core economic drivers such as intellectual property, commerce, banking and the Internet. But it has become far more serious as foreign government spy organizations and organized crime have escalated their attacks and replaced young hackers as the chief perpetrators. Aggravating matters has been the explosion of billions of vulnerable, Internet-connected mobile devices worldwide.
Fundamental technical challenges also increase the size of the cybersecurity industry. The U.S. IT infrastructure is built on a decades-old architecture that did not anticipate the speed of today’s computing, the amount of data accessed or the interconnectivity of networks. This means that many cybersecurity companies are working to cover “holes” in computer products of the past while also developing new software and hardware designed to be inherently secure from the start.
So far, no one has managed to serious damage or disrupt critical U.S. infrastructure networks. But it doesn’t take much to imagine the consequences of a hugely successful cyber attack, one that former Defense Secretary Leon Panetta has said could amount to a “cyber Pearl Harbor.”
In a future conflict, an adversary unable to match our military supremacy might seek to exploit our computer vulnerabilities domestically. Scuttling vital banking systems could trigger a financial crisis. A lack of clean water or functioning hospitals could spark a public health emergency. Or there could be power blackouts that bring business, cities and entire regions to a standstill.
We must avoid this future, and strong, ongoing cybersecurity investments and strong industry activity in general — despite the budgetary woes of the Defense Department – suggest the odds are good that we will. Americans rightly expect basic security protection. That’s why water treatment plants test their water regularly for containments, why airplanes have secure cockpit doors and why nuclear power plants have fences and other defenses to thwart a terrorist attack. We’re in the process of adding cyber security to the list, and it’s highly unlikely to be interrupted.
Robert R. Ackerman Jr. is the founder and managing director of Allegis Capital and a formal serial entrepreneur. Ackerman and the Allegis team have been active investors in cybersecurity technologies for the past ten years. Current and past portfolio companies include IronPort Systems (acquired by Cisco in 2007), Solera Networks, Symplified, Bracket Computing and Shape Security.
Photo courtesy of ShutterStock