I have been interested in cybersecurity companies for a few years. It started when I was covering entrepreneurs in the Middle East. Israel, according to a recent source estimate, accounts for around 20% of the early-stage cybersecurity market. My reports suggest that this share has increased over the past five years.
I’ve written about Eureka, Abnormal Security, the general that helped launch the cybersecurity industry in Israel, and Axionus. One thing the companies shared was that they occupied the defensive side of the industry – or at least they told me they did.
Cybersecurity is roughly divided into two parts: defensive players and offensive players, those who are hired to do espionage. These don’t usually advertise, although if they catch the public’s attention, they generate a lot of attention. Like NSO Group, which created the Pegasus spyware.
That may be about to change.
Cybersecurity and cyber operations in general are poised to flourish, due to both the increase in cybercrime and heightened awareness, following Russia’s invasion of Ukraine, of how states use cyberattacks.
The number of data breaches set a new record in 2021, with the number of incidents jumping 68% from 2020 and 23% from the previous high in 2017, the Motley Fool reported, citing Identity Theft Resource Center. Data breaches were up another 14% year-over-year in the first quarter of 2022. Overall, cybercrime is growing at a double-digit pace, the Food reported.
Estimates of spending on cybersecurity vary widely (not something most countries or companies publish) – but they all agree on one thing: it’s growing in double digits every year.
What could change is the acceptability of offensive cybersecurity. As it is increasingly recognized that offensive cyber operations have an inherent advantage over defensive cyber operations, there could be an increase in the number of companies selling an offensive version of their products and services, even publicly.
Here’s a sign of a growing acceptance of offensive cyber operations: a bill that would allow the Department of Homeland Security to study the benefits of “back-hacking.” This part of a larger context
And here’s another one: an interview with Lior Div, former commander of Israel Defense Forces Unit 8200. “Today, using cyber capabilities, you can achieve very good results without killing anyone and without starting an all-out war,” Div. Newsweek. “The cyber dimension allows countries to operate and send a strong signal, but in a much more controlled way.”
This interview was published around the time US President Joe Biden gave Russia a list of banned sectors.
In setting the ground rules, governments seem increasingly comfortable with the idea that good cyber defense is a crime. It will soon migrate openly to the private sector – and after that it could become the next funding boom.